1213542 – VUL-0: kernel-source,kernel-source-azure,kernel-source-rt: ksmbd Chained Request NULL Pointer Dereference Denial-of-Service Vulnerability

Bug 1213542 - VUL-0: kernel-source,kernel-source-azure,kernel-source-rt: ksmbd Chained Request NULL Pointer Dereference Denial-of-Service Vulnerability

Summary: VUL-0: kernel-source,kernel-source-azure,kernel-source-rt: ksmbd Chained Requ...

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/373140/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-21 07:04 UTC by Thomas Leroy
Modified:	2024-05-22 11:07 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2023-07-21 07:04:01 UTC

ZDI-23-979

This vulnerability allows remote attackers to create a denial-of-service
condition on affected installations of Linux Kernel. Authentication is not
required to exploit this vulnerability, but only systems with ksmbd enabled are
vulnerable.

The specific flaw exists within the handling of chained requests. The issue
results from dereferencing a NULL pointer. An attacker can leverage this
vulnerability to create a denial-of-service condition on the system.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-979/

Comment 1 Thomas Leroy 2023-07-21 07:04:55 UTC

ksmbd is only built in stable, which already has the fix

Comment 2 Joey Lee 2023-07-24 06:09:52 UTC

(In reply to Thomas Leroy from comment #1)
> ksmbd is only built in stable, which already has the fix

Confirmed stable is v6.4. R(In reply to Thomas Leroy from comment #1)
> ksmbd is only built in stable, which already has the fix

commit 5005bcb4219156f1bf7587b185080ec1da08518e         [v6.4~32^2]
Author: Namjae Jeon <linkinjeon@kernel.org>
Date:   Thu Jun 15 22:05:29 2023 +0900

    ksmbd: validate session id and tree id in the compound request

Update status:

stable    [v6.4, already included]

Reset assigner

Comment 3 Robert Frohl 2024-05-22 11:07:28 UTC

closing