ACK: [SRU][J][PATCH 0/1] CVE-2024-35862
Masahiro Yamada
masahiro.yamada at canonical.com
Fri Mar 27 04:58:19 UTC 2026
On 3/25/26 09:46, Tim Whisonant wrote:
> SRU Justification:
>
> [Impact]
>
> smb: client: fix potential UAF in smb2_is_network_name_deleted()
>
> Skip sessions that are being teared down (status == SES_EXITING) to
> avoid UAF.
>
> [Fix]
>
> Questing: not affected
> Noble: fixed separately
> Jammy: backported from upstream
> Focal: not affected
> Bionic: not affected
> Xenial: not affected
> Trusty: won't fix
>
> [Test Plan]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The change affects the SMB2 protocol layer of the CIFS driver
> in order to correct a potential use after free scenario. Issues
> would only affect certain portions of the SMB2 handling for CIFS.
>
> Paulo Alcantara (1):
> smb: client: fix potential UAF in smb2_is_network_name_deleted()
>
> fs/cifs/smb2ops.c | 2 ++
> 1 file changed, 2 insertions(+)
>
Acked-by: Masahiro Yamada <masahiro.yamada at canonical.com>
More information about the kernel-team
mailing list