ACK: [SRU][N][PATCH 0/1] CVE-2024-56627

Thibault Ferrante thibault.ferrante at canonical.com
Fri Feb 21 10:37:50 UTC 2025


Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>


On 15-02-2025 17:24, Massimiliano Pellizzer wrote:
> [Impact]
> 
> ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
> 
> An offset from client could be a negative value. It could lead
> to an out-of-bounds read from the stream_buf.
> Note that this issue is coming when setting
> 'vfs objects = streams_xattr parameter' in ksmbd.conf.
> 
> [Fix]
> 
> Oracular: Fixed via upstream stable updates (LP: #2096827)
> Noble: Cherry picked from mainline
> Jammy: Fixed via upstream stable updates (LP: #2095327)
> Focal: Not affected
> 
> [Test case]
> 
> Compile tested only.
> 
> [Where problems could occur]
> 
> A regression here is unlikely due to the very limited scope of the
> patch.
> 
> Jordy Zomer (1):
>    ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
> 
>   fs/smb/server/smb2pdu.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
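
Added illustration, not the ksmbd code or the patch under review: a user-space model of the bug class the [Impact] text describes, where a signed client-supplied offset is checked only against the buffer's upper bound. All function names and the sample buffer are constructed for this example; the unchecked path only computes the range and never performs the read.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample standing in for a stream's stored contents. */
static const char sample_stream[] = "0123456789ABCDEF";   /* 16 data bytes */

/* Upper-bound-only planning: returns the byte count that would be copied
 * starting at buf[pos], or -EINVAL. No copy is performed here. */
static int64_t plan_upper_only(int64_t len, int64_t pos, int64_t count)
{
    if (len <= pos)
        return -EINVAL;
    if (len - pos < count)      /* for pos < 0, len - pos > len: no clamp */
        count = len - pos;
    return count;               /* caller would read buf[pos .. pos+count) */
}

/* Same planning with the sign check done first. */
static int64_t plan_checked(int64_t len, int64_t pos, int64_t count)
{
    if (pos < 0 || count < 0)
        return -EINVAL;
    return plan_upper_only(len, pos, count);
}

/* Reader built on the checked plan; returns bytes copied or -EINVAL. */
static int64_t stream_read(const char *buf, int64_t len, int64_t pos,
                           char *out, int64_t count)
{
    int64_t n = plan_checked(len, pos, count);
    if (n > 0)
        memcpy(out, buf + pos, (size_t)n);
    return n;
}

int main(void)
{
    char out[32] = {0};
    int64_t len = (int64_t)sizeof(sample_stream) - 1;

    printf("upper-only, pos=-8: %lld bytes from buf[-8]\n",
           (long long)plan_upper_only(len, -8, 8));
    printf("checked,    pos=-8: %lld\n", (long long)plan_checked(len, -8, 8));
    printf("checked,    pos=12: %lld \"%s\"\n",
           (long long)stream_read(sample_stream, len, 12, out, 8), out);
    return 0;
}
```

The upper-bound-only plan accepts `pos = -8` and approves an 8-byte copy that would start before the buffer, while the checked plan rejects the same request with `-EINVAL` and still serves a short read at `pos = 12`.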



