4 matches found
UBUNTU-CVE-2025-71151
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
kernel: smb: client: Handle kstrdup failures for passwords
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3reconfigure, after duplicating ctx-password and ctx-password2 with kstrdup, we need to check for allocation failures. If ses-password allocation fails, return -ENOMEM. If...
UBUNTU-CVE-2024-50120
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3reconfigure, after duplicating ctx-password and ctx-password2 with kstrdup, we need to check for allocation failures. If ses-password allocation fails, return -ENOMEM. If...
CVE-2024-50120
CVE-2024-50120 affects the Linux kernel SMB client. The vulnerability stems from missing checks for kstrdup failures when duplicating passwords in smb3_reconfigure(), leading to ses->password or ses->password2 allocation failures. The documented remediation is to return -ENOMEM if ses->p...