Bug 1213422 (CVE-2023-38427) - VUL-0: CVE-2023-38427: kernel-source-rt,kernel-source,kernel-source-azure: out-of-bound read in deassemble_neg_contexts()
Summary: VUL-0: CVE-2023-38427: kernel-source-rt,kernel-source,kernel-source-azure: ou...
Status: RESOLVED FIXED
Alias: CVE-2023-38427
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372753/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-18 10:07 UTC by Thomas Leroy
Modified: 2024-06-07 15:18 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2023-07-18 10:07:45 UTC 
CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read
in deassemble_neg_contexts.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38427
https://www.cve.org/CVERecord?id=CVE-2023-38427
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=f1a411873c85b642f13b01f21b534c2bab81fc1b
Comment 1 Thomas Leroy 2023-07-18 10:09:29 UTC 
Only stable ships ksmbd but it already has the fix
Comment 2 Joey Lee 2023-07-24 07:00:45 UTC 
(In reply to Thomas Leroy from comment #1)
> Only stable ships ksmbd but it already has the fix

commit f1a411873c85b642f13b01f21b534c2bab81fc1b         [v6.4-rc6~2^2~4]
Author: Namjae Jeon <linkinjeon@kernel.org>
Date:   Sun May 28 00:23:09 2023 +0900

    ksmbd: fix out-of-bound read in deassemble_neg_contexts()


update status:

stable        [v6.4, already included]

reset assigner
Comment 3 Gabriele Sonnu 2024-06-07 15:18:21 UTC 
All, done,, closing.