Bugzilla – Bug 1213426
VUL-0: CVE-2023-38431: kernel-source,kernel-source-azure,kernel-source-rt: out-of-bounds read in ksmbd_conn_handler_loop
Last modified: 2024-06-07 12:13:19 UTC
CVE-2023-38431 An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38431
https://www.cve.org/CVERecord?id=CVE-2023-38431
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=368ba06881c395f1c9a7ba22203cf8d78b4addc0
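Added example, not ksmbd's own code: a minimal form of the pdu_size check the description above says was missing, validating the 24-bit NetBIOS session length against the SMB2 header before the header is read. It assumes the 4-byte RFC 1002 session header and the 64-byte SMB2 header structure size; the function names and sample frames are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NETBIOS_HDR_LEN  4          /* RFC 1002 session header: 1 type byte + 24-bit length */
#define SMB2_HDR_LEN     64         /* StructureSize of the SMB2 packet header (assumed) */
#define MAX_PDU_SIZE     0x00FFFFFF /* largest value the 24-bit length field can carry */

/* Extract pdu_size from the session header; this is the wire value that
 * ksmbd_conn_handler_loop takes from the client. Hypothetical helper. */
static bool read_pdu_size(const uint8_t *buf, size_t len, uint32_t *pdu_size)
{
    if (buf == NULL || len < NETBIOS_HDR_LEN)
        return false;
    *pdu_size = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    return true;
}

/* The relationship the CVE is about: pdu_size must be at least one full SMB2
 * header, or header fields get read beyond the received bytes, and it must
 * fit the 24-bit field. The last check also rejects truncated frames whose
 * received length does not cover the advertised pdu_size. */
bool pdu_size_is_valid(const uint8_t *buf, size_t len)
{
    uint32_t pdu_size;

    if (!read_pdu_size(buf, len, &pdu_size))
        return false;
    if (pdu_size < SMB2_HDR_LEN || pdu_size > MAX_PDU_SIZE)
        return false;                     /* too small for an SMB2 header: reject */
    return (size_t)pdu_size <= len - NETBIOS_HDR_LEN;
}

/* Constructed frames: a header advertising 8 bytes, one advertising 64 bytes
 * with a full buffer behind it, and one advertising 64 bytes but truncated. */
static const uint8_t short_frame[NETBIOS_HDR_LEN + 8]  = { 0x00, 0x00, 0x00, 0x08 };
static const uint8_t ok_frame[NETBIOS_HDR_LEN + 64]    = { 0x00, 0x00, 0x00, 0x40, 0xFE, 'S', 'M', 'B' };
static const uint8_t truncated_frame[NETBIOS_HDR_LEN + 8] = { 0x00, 0x00, 0x00, 0x40, 0xFE, 'S', 'M', 'B' };

bool check_short_frame(void)     { return pdu_size_is_valid(short_frame, sizeof short_frame); }
bool check_ok_frame(void)        { return pdu_size_is_valid(ok_frame, sizeof ok_frame); }
bool check_truncated_frame(void) { return pdu_size_is_valid(truncated_frame, sizeof truncated_frame); }
```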
Only stable ships ksmbd but it already has the fix
(In reply to Thomas Leroy from comment #1)
> Only stable ships ksmbd but it already has the fix

Bug 1213426 (CVE-2023-38431) - VUL-0: CVE-2023-38431: kernel-source,kernel-source-azure,kernel-source-rt: out-of-bounds read in ksmbd_conn_handler_loop [v6.4-rc6~2^2~1]
https://bugzilla.suse.com/show_bug.cgi?id=1213426

commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0
Author: Namjae Jeon <linkinjeon@kernel.org>
Date: Tue May 30 23:10:31 2023 +0900

ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop

Update status

stable [v6.4, already included]

But fs/ksmbd has been moved to fs/smb/server since v6.4:

Which means that 15-SP5 or older SLE may still need the 443d61d1fa patch. I found that 15-SP5 has 38c8a9a52082 but no 368ba06881c.
Hi Paulo, because this issue relates to Samba, could you please help handle it? If this is not in your area, just reset the bug assignee to kernel-bugs@suse.de and Kernel Security Sentinel will find another expert. Thanks a lot!
(In reply to Joey Lee from comment #2)
> (In reply to Thomas Leroy from comment #1)
> > Only stable ships ksmbd but it already has the fix
>
> Bug 1213426 (CVE-2023-38431) - VUL-0: CVE-2023-38431:
> kernel-source,kernel-source-azure,kernel-source-rt: out-of-bounds read in
> ksmbd_conn_handler_loop [v6.4-rc6~2^2~1]
> https://bugzilla.suse.com/show_bug.cgi?id=1213426
>
> commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0
> Author: Namjae Jeon <linkinjeon@kernel.org>
> Date: Tue May 30 23:10:31 2023 +0900
>
> ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
>
> Update status
>
> stable [v6.4, already included]
>
> But, the fs/ksmbd be moved to fs/smb/server since v6.4:
>
> Which means that 15-SP5 or older SLE may still need 443d61d1fa patch. I
                                                      ^^^^^^^^^^ 368ba06881c
> found that 15-SP5 has 38c8a9a52082 but no 368ba06881c.

Sorry for my typo.
(In reply to Joey Lee from comment #2)
> (In reply to Thomas Leroy from comment #1)
> > Only stable ships ksmbd but it already has the fix
>
> Bug 1213426 (CVE-2023-38431) - VUL-0: CVE-2023-38431:
> kernel-source,kernel-source-azure,kernel-source-rt: out-of-bounds read in
> ksmbd_conn_handler_loop [v6.4-rc6~2^2~1]
> https://bugzilla.suse.com/show_bug.cgi?id=1213426
>
> commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0
> Author: Namjae Jeon <linkinjeon@kernel.org>
> Date: Tue May 30 23:10:31 2023 +0900
>
> ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
>
> Update status
>
> stable [v6.4, already included]
>
> But, the fs/ksmbd be moved to fs/smb/server since v6.4:
>
> Which means that 15-SP5 or older SLE may still need 443d61d1fa patch. I
> found that 15-SP5 has 38c8a9a52082 but no 368ba06881c.

I just found that CONFIG_SMB_SERVER is NOT set in 15-SP5, so we don't need the patch in 15-SP5. Reset assignee.
All done, closing.