[SRU][J][PATCH 0/1] CVE-2024-35862
Tim Whisonant
tim.whisonant at canonical.com
Wed Mar 25 00:46:46 UTC 2026

SRU Justification:

[Impact]

smb: client: fix potential UAF in smb2_is_network_name_deleted()

Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.

[Fix]

Questing: not affected
Noble: fixed separately
Jammy: backported from upstream
Focal: not affected
Bionic: not affected
Xenial: not affected
Trusty: won't fix

[Test Plan]

Compile and boot tested.

[Where problems could occur]

The change affects the SMB2 protocol layer of the CIFS driver
in order to correct a potential use after free scenario. Issues
would only affect certain portions of the SMB2 handling for CIFS.

Paulo Alcantara (1):
  smb: client: fix potential UAF in smb2_is_network_name_deleted()

 fs/cifs/smb2ops.c | 2 ++
 1 file changed, 2 insertions(+)

--
2.43.0