Bug 1213423 (CVE-2023-38428) - VUL-0: CVE-2023-38428: kernel-source-azure,kernel-source-rt,kernel-source: wrong UserName check in session_user
Summary: VUL-0: CVE-2023-38428: kernel-source-azure,kernel-source-rt,kernel-source: wr...
Status: RESOLVED FIXED
Alias: CVE-2023-38428
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372754/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-18 10:12 UTC by Thomas Leroy
Modified: 2024-06-11 09:59 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2023-07-18 10:12:10 UTC 
CVE-2023-38428

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in
ksmbd does not properly check the UserName value because it does not consider
the address of security buffer, leading to an out-of-bounds read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38428
https://www.cve.org/CVERecord?id=CVE-2023-38428
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f
Comment 1 Thomas Leroy 2023-07-18 10:12:26 UTC 
Only stable ships ksmbd but it already has the fix
Comment 2 Joey Lee 2023-07-24 10:10:33 UTC 
(In reply to Thomas Leroy from comment #1)
> Only stable ships ksmbd but it already has the fix

commit f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f         [v6.4-rc3~7^2~2]
Author: Chih-Yen Chang <cc85nod@gmail.com>
Date:   Sat May 6 00:01:54 2023 +0900

    ksmbd: fix wrong UserName check in session_user

Update status:

stable        [v6.4, already included]

reset assigner.
Comment 3 Andrea Mattiazzo 2024-06-11 09:59:10 UTC 
All done, closing.