ACK: [SRU][Jammy][PATCH 0/1] CVE-2023-32247
Cengiz Can
cengiz.can at canonical.com
Wed Feb 7 20:12:18 UTC 2024
On Tue, 2024-02-06 at 11:49 -0600, Bethany Jamison wrote:
> [Impact]
>
> A flaw was found in the Linux kernel's ksmbd, a high-performance in-
> kernel
> SMB server. The specific flaw exists within the handling of
> SMB2_SESSION_SETUP commands. The issue results from the lack of
> control of
> resource consumption. An attacker can leverage this vulnerability to
> create
> a denial-of-service condition on the system.
>
> [Fix]
>
> Jammy: Backported - Jammy code structure was different in smb2pdu.h
> than
> upstream, I found the relevant code chunk and implemented the fix
> commit's
> intended change.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur when requesting to setup a new session.
>
> Namjae Jeon (1):
> ksmbd: destroy expired sessions
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> fs/ksmbd/mgmt/user_session.c | 68 ++++++++++++++++++++--------------
> --
> fs/ksmbd/mgmt/user_session.h | 1 +
> fs/ksmbd/smb2pdu.c | 1 +
> fs/ksmbd/smb2pdu.h | 2 ++
> 4 files changed, 41 insertions(+), 31 deletions(-)
>
> --
> 2.34.1
>
>
More information about the kernel-team
mailing list