Bugzilla – Bug 1213425
VUL-0: CVE-2023-38430: kernel-source,kernel-source-azure,kernel-source-rt: invalidate smb request protocol id
Last modified: 2024-06-12 07:38:19 UTC
CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38430
https://www.cve.org/CVERecord?id=CVE-2023-38430
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9
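As an added illustration of the check the CVE description says was missing (user-space C written for this page, not the ksmbd patch or SUSE's code): a received frame is classified by its protocol ID, and rejected if the ID is unknown or the frame is too short, before any header field is read. The function name, table and sample frames are assumptions; the ID values and header sizes are those of the SMB1, SMB2 and SMB2 transform headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum smb_kind { SMB_REJECT = 0, SMB_V1, SMB_V2, SMB_V2_TRANSFORM };

/* Protocol ID (first 4 message bytes) and the fixed header size it implies. */
static const struct { uint8_t id[4]; size_t hdr; enum smb_kind kind; } known[] = {
    { {0xFF, 'S', 'M', 'B'}, 32, SMB_V1 },           /* SMB1 header */
    { {0xFE, 'S', 'M', 'B'}, 64, SMB_V2 },           /* SMB2 header */
    { {0xFD, 'S', 'M', 'B'}, 52, SMB_V2_TRANSFORM }, /* SMB2 transform header */
};

/* Hypothetical helper: classify a received frame before any header field is
 * read. buf/len are the bytes actually received, including the 4-byte
 * Direct TCP prefix (one zero byte, then a 24-bit big-endian length). */
enum smb_kind classify_frame(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 8)              /* prefix + protocol ID */
        return SMB_REJECT;
    size_t declared = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    if (buf[0] != 0 || declared > len - 4)   /* claims more than received */
        return SMB_REJECT;
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        if (memcmp(buf + 4, known[i].id, 4) == 0)
            /* The ID picks the header layout, so the frame must cover it. */
            return declared >= known[i].hdr ? known[i].kind : SMB_REJECT;
    }
    return SMB_REJECT;                       /* unknown ID: never dispatch */
}

/* Constructed sample frames (not captured traffic); unlisted bytes are zero. */
static const uint8_t ok_smb2[68]    = {0, 0, 0, 64, 0xFE, 'S', 'M', 'B'};
static const uint8_t bad_id[68]     = {0, 0, 0, 64, 0xAA, 'S', 'M', 'B'};
static const uint8_t short_smb2[12] = {0, 0, 0, 8,  0xFE, 'S', 'M', 'B'};
static const uint8_t overclaim[12]  = {0, 0, 0, 64, 0xFE, 'S', 'M', 'B'};

int main(void)
{
    printf("ok_smb2=%d bad_id=%d short_smb2=%d overclaim=%d\n",
           classify_frame(ok_smb2, sizeof ok_smb2),
           classify_frame(bad_id, sizeof bad_id),
           classify_frame(short_smb2, sizeof short_smb2),
           classify_frame(overclaim, sizeof overclaim));
    return 0;
}
```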
Only stable ships ksmbd but it already has the fix
(In reply to Thomas Leroy from comment #1)
> Only stable ships ksmbd but it already has the fix

commit 1c1bcf2d3ea061613119b534f57507c377df20f9 [v6.4-rc6~2^2]
Author: Namjae Jeon <linkinjeon@kernel.org>
Date: Wed May 31 17:59:32 2023 +0900

ksmbd: validate smb request protocol id

Update status:

stable [v6.4, already included]

But fs/ksmbd has been moved to fs/smb/server since v6.4:

Which means that 15-SP5 or older SLE may still need the 1c1bcf2d3ea06 patch. I found that 15-SP5 has no 1c1bcf2d3ea06.
Hi Paulo,

Because this issue relates to samba, could you please help to handle it? If this is not in your area, just reset the bug assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find another expert.

Thanks a lot!
(In reply to Joey Lee from comment #2)
> (In reply to Thomas Leroy from comment #1)
> > Only stable ships ksmbd but it already has the fix
>
> commit 1c1bcf2d3ea061613119b534f57507c377df20f9 [v6.4-rc6~2^2]
> Author: Namjae Jeon <linkinjeon@kernel.org>
> Date: Wed May 31 17:59:32 2023 +0900
>
> ksmbd: validate smb request protocol id
>
> Update status:
>
> stable [v6.4, already included]
>
> But fs/ksmbd has been moved to fs/smb/server since v6.4:
>
> Which means that 15-SP5 or older SLE may still need the 1c1bcf2d3ea06 patch. I
> found that 15-SP5 has no 1c1bcf2d3ea06.

I just found that CONFIG_SMB_SERVER is NOT set in 15-SP5. So we don't need the patch in 15-SP5.

Reset assigner.
All done, closing.