Bug 1220182 (CVE-2023-52440) - VUL-0: CVE-2023-52440: kernel-source,kernel-source-azure,kernel-source-rt: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
Summary: VUL-0: CVE-2023-52440: kernel-source,kernel-source-azure,kernel-source-rt: ks...
Status: RESOLVED FIXED
Alias: CVE-2023-52440
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394723/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-22 08:30 UTC by SMASH SMASH
Modified: 2024-06-25 18:10 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-22 08:30:40 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

If authblob->SessionKey.Length is bigger than session key
size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
cifs_arc4_crypt copy to session key array from SessionKey from client.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52440
https://www.cve.org/CVERecord?id=CVE-2023-52440
https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254
https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4
https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809
https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20
Comment 1 Thomas Leroy 2024-02-22 08:31:49 UTC 
ksmbd only built on stable, which is already fixed. So I guess we're good
Comment 2 Joey Lee 2024-02-23 05:37:18 UTC 
I checked SLE11-SP4-LTSS, SLE15-SP5, SLE15-SP6. We did NOT enable CONFIG_SMB_SERVER since long time ago.

And, stable (Tumbleweed) kernel set CONFIG_SMB_SERVER=m, but ksmbd is NOT in supported.config.

So, this CVE of ksmbd does not affect SLE/openSUSE.

Reset assigner.
Comment 3 Thomas Leroy 2024-02-23 08:18:26 UTC 
Thanks Joey, closing