Bug 1222805 (CVE-2024-26811)

Summary:	VUL-0: CVE-2024-26811: kernel: ksmbd: validate payload size in ipc response
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	abergmann, gabriel.bertazi, osalvador
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/400708/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-26811:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-04-15 09:11:24 UTC

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate payload size in ipc response

If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26811
https://bugzilla.redhat.com/show_bug.cgi?id=2273967
https://www.cve.org/CVERecord?id=CVE-2024-26811
https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-26811.mbox
https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd
https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896
https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RO3RO34MLQ6WT3A7O6STQUVXW43N6W3K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG6L4FXO4WNWUM6W7USOH2YTRVWREM3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XCNJZBDMGJXRIKLGKM4RRJU4XCHPX62/

Comment 1 Oscar Salvador 2024-04-19 11:04:23 UTC

@Enzo: Can you have a look?

./scripts/check-kernel-fix CVE-2024-26811
a677ebd8ca2f ("ksmbd: validate payload size in ipc response") merged v6.9-rc3~27^2~1
No Fixes tag. Requires manual review for affected branches.
Security fix for CVE-2024-26811 bsc#1222805 with CVSS 5.5
..............................
ACTION NEEDED!
SLE15-SP6: MANUAL: might need backport of a677ebd8ca2f2632ccdecbad7b87641274e15aac ()
SLE15-SP5: MANUAL: might need backport of a677ebd8ca2f2632ccdecbad7b87641274e15aac ()
SLE12-SP5: MANUAL: might need backport of a677ebd8ca2f2632ccdecbad7b87641274e15aac ()
SLE12-SP3-TD: MANUAL: might need backport of a677ebd8ca2f2632ccdecbad7b87641274e15aac ()

Comment 2 Gabriel Krisman Bertazi 2024-05-12 22:35:07 UTC

Hi Enzo,  gently ping for an update on this issue. If we are no longer affected, please forward back to the security team per [1]

In that case, can you please reassign back to sec team [1].

Thank you!
 
[1] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security