ACK: [SRU][N][PATCH 0/1] CVE-2024-56627
Koichiro Den
koichiro.den at canonical.com
Wed Feb 19 02:25:23 UTC 2025
On Sat, Feb 15, 2025 at 05:24:25PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
>
> An offset from client could be a negative value, It could lead
> to an out-of-bounds read from the stream_buf.
> Note that this issue is coming when setting
> 'vfs objects = streams_xattr parameter' in ksmbd.conf.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2096827)
> Noble: Cherry picked from mainline
> Jammy: Fixed via upstream stable updates (LP: #2095327)
> Focal: Not affected
>
> [Test case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> A regression here is unlikely due to the very limited scope of the
> patch.
>
> Jordy Zomer (1):
> ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
>
> fs/smb/server/smb2pdu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
Acked-by: Koichiro Den <koichiro.den at canonical.com>
More information about the kernel-team
mailing list