Bug 1213544

Summary: VUL-0: kernel-source,kernel-source-azure,kernel-source-rt: ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Leroy <thomas.leroy>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jlee, rfrohl, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/373139/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Leroy 2023-07-21 07:09:48 UTC 
ZDI-23-980

This vulnerability allows remote attackers to disclose sensitive information on
affected installations of Linux Kernel. Authentication may or may not be
required to exploit this vulnerability, depending upon configuration.
Furthermore, only systems with ksmbd enabled are vulnerable.

The specific flaw exists within the parsing of smb2_hdr structure. The issue
results from the lack of proper validation of user-supplied data, which can
result in a read past the end of an allocated buffer. An attacker can leverage
this in conjunction with other vulnerabilities to execute arbitrary code in the
context of the kernel.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-980/
Comment 1 Thomas Leroy 2023-07-21 07:09:54 UTC 
ksmbd is only built in stable, which already has the fix
Comment 2 Joey Lee 2023-07-24 06:50:36 UTC 
(In reply to Thomas Leroy from comment #1)
> ksmbd is only built in stable, which already has the fix

commit 5fe7f7b78290638806211046a99f031ff26164e1         [v6.4~32^2~1]
Author: Namjae Jeon <linkinjeon@kernel.org>
Date:   Thu Jun 15 22:04:40 2023 +0900

    ksmbd: fix out-of-bound read in smb2_write

update status:

stable    [v6.4, already included]

Reset assigner
Comment 3 Robert Frohl 2024-05-22 11:06:38 UTC 
closing