Bug 1211530 (CVE-2023-32248)

Summary: VUL-0: CVE-2023-32248: kernel: Linux Kernel ksmbd Tree Connection NULL Pointer Dereference Denial-of-Service Vulnerability
Product: [openSUSE] openSUSE Tumbleweed Reporter: Stoyan Manolov <stoyan.manolov>
Component: KernelAssignee: Enzo Matsumiya <ematsumiya>
Status: RESOLVED UPSTREAM QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium CC: ddiss, meissner, mkoutny, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/366974/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Stoyan Manolov 2023-05-19 07:33:19 UTC 
CVE-2023-32248

This vulnerability allows remote attackers to create a denial-of-service
condition on affected installations of Linux Kernel. Authentication is not
required to exploit this vulnerability, but only systems with ksmbd enabled are
vulnerable.

The specific flaw exists within the handling of SMB2_TREE_CONNECT and
SMB2_QUERY_INFO commands. The issue results from the lack of proper validation
of a pointer prior to accessing it. An attacker can leverage this vulnerability
to create a denial-of-service condition on the system.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32248
https://www.zerodayinitiative.com/advisories/ZDI-23-696/
Comment 2 Michal Koutný 2023-05-22 16:19:40 UTC 
Reassigning to a concrete person to ensure progress [1] (feel free to pass to next one), see also the process at [2].
 
The report translates to
https://github.com/torvalds/linux/commit/3ac00a2ab69b34189942afa9e862d5170cdcb018

Possibly needed in the `stable` branch before v6.4 is out.
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
[2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security