[SRU][F/J][PATCH 0/2] CVE-2024-35864/CVE-2024-26928
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Feb 7 01:10:50 UTC 2025
[Impact]
When an SMB client is disconnecting or, specifically, tearing down a
session, a use-after-free vulnerability might happen, potentially
leading to privilege escalation or system crash.
[Backport]
The fix commit for CVE-2024-26928 introduces a dependent helper function
for CVE-2024-35864, thus combining them together.
For PATCH 1/2, there are certain variables that haven't been
renamed/introduced yet:
- ses->ses_status was ses->status.
- SES_EXITING was CifsExiting.
- use GlobalMid_Lock instead of ses->ses_lock since the latter hasn't
been introduced.
For PATCH 2/2, the context conflict is irrelevant to the fix, thus
ignore it and add the if statement.
[Test]
Compile tested only.
[Where Problems Could Occur]
Regression might happen when an SMB client is tearing down a session.
Paulo Alcantara (2):
smb: client: fix potential UAF in cifs_debug_files_proc_show()
smb: client: fix potential UAF in smb2_is_valid_lease_break()
fs/cifs/cifs_debug.c | 2 ++
fs/cifs/cifsglob.h | 10 ++++++++++
fs/cifs/smb2misc.c | 2 ++
3 files changed, 14 insertions(+)
--
2.43.0