[SRU,Focal,Jammy,OEM-6.1,Lunar,Mantic,0/1] CVE-2023-6606

Message ID 20240103121241.1723794-1-cascardo@canonical.com

Message

Thadeu Lima de Souza Cascardo Jan. 3, 2024, 12:12 p.m. UTC
[Impact]
An out-of-bounds access in cifs filesystem may lead to crashes or
information leak.

[Test case]
A PoC from the kernel.org bugzilla was used and a different error message
was present in dmesg as expected:

[  518.358312] CIFS: VFS: checkSMB: can't read BCC due to invalid WordCount(240)

[Backport]
Clean cherry-pick on all kernels. For 5.15 and earlier kernels, the file
has been moved, hence the second patch version.

[Potential regression]
Failure to mount cifs or filesystem corruption on cifs mounts.

Paulo Alcantara (1):
  smb: client: fix OOB in smbCalcSize()

 fs/smb/client/misc.c | 4 ++++
 1 file changed, 4 insertions(+)
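
An added illustration, not part of the original message and not the kernel patch itself: the class of check behind the "can't read BCC due to invalid WordCount" message, where the byte-count (BCC) offset is derived from an untrusted WordCount and must be validated against the bytes actually received. The simplified SMB1 layout, the helper name `smb1_calc_size_checked` and the sample frames are assumptions constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified SMB1 layout (assumption for this sketch): 4-byte RFC1002
 * length, 32-byte SMB header, 1-byte WordCount, WordCount 16-bit parameter
 * words, then the 16-bit little-endian byte count (BCC). */
#define WCT_OFF   (4u + 32u)      /* offset of WordCount             */
#define FIXED_LEN (WCT_OFF + 1u)  /* bytes up to and incl. WordCount */

/* Hypothetical helper: returns the size the frame claims for itself, or -1
 * when the BCC field would lie outside the bytes actually received. */
long smb1_calc_size_checked(const uint8_t *buf, size_t total_read)
{
    if (total_read < FIXED_LEN)
        return -1;                          /* WordCount itself is missing */
    size_t wct = buf[WCT_OFF];
    size_t bcc_off = FIXED_LEN + 2u * wct;  /* BCC follows the param words */
    if (total_read < bcc_off + 2u)
        return -1;                          /* reading BCC would be OOB    */
    size_t bcc = (size_t)buf[bcc_off] | ((size_t)buf[bcc_off + 1] << 8);
    return (long)(bcc_off + 2u + bcc);
}

/* Constructed frame: one parameter word, BCC = 3, all bytes present. */
long demo_valid(void)
{
    uint8_t f[FIXED_LEN + 2 + 2 + 3];
    memset(f, 0, sizeof f);
    f[WCT_OFF] = 1;
    f[FIXED_LEN + 2] = 3;
    return smb1_calc_size_checked(f, sizeof f);
}

/* Constructed frame: WordCount 240 (as in the dmesg line), 2 bytes follow. */
long demo_bad_wordcount(void)
{
    uint8_t f[FIXED_LEN + 2];
    memset(f, 0, sizeof f);
    f[WCT_OFF] = 240;
    return smb1_calc_size_checked(f, sizeof f);
}

int main(void)
{
    printf("valid=%ld bad=%ld\n", demo_valid(), demo_bad_wordcount());
    return 0;
}
```

Without the second length check, the BCC read for the WordCount 240 frame would land hundreds of bytes past the received data, which is the crash or information-leak condition the cover letter describes.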

Comments

Manuel Diewald Jan. 3, 2024, 12:53 p.m. UTC | #1
On Wed, Jan 03, 2024 at 09:12:39AM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An out-of-bounds access in cifs filesystem may lead to crashes or
> information leak.
> 
> [Test case]
> A PoC from the kernel.org bugzilla was used and a different error message
> was present in dmesg as expected:
> 
> [  518.358312] CIFS: VFS: checkSMB: can't read BCC due to invalid WordCount(240)
> 
> [Backport]
> Clean cherry-pick on all kernels. For 5.15 and earlier kernels, the file
> has been moved, hence the second patch version.
> 
> [Potential regression]
> Failure to mount cifs or filesystem corruption on cifs mounts.
> 
> Paulo Alcantara (1):
>   smb: client: fix OOB in smbCalcSize()
> 
>  fs/smb/client/misc.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald@canonical.com>

Jacob Martin Jan. 3, 2024, 2:17 p.m. UTC | #2
Acked-by: Jacob Martin <jacob.martin@canonical.com>

On 1/3/24 6:12 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An out-of-bounds access in cifs filesystem may lead to crashes or
> information leak.
>
> [Test case]
> A PoC from the kernel.org bugzilla was used and a different error message
> was present in dmesg as expected:
>
> [  518.358312] CIFS: VFS: checkSMB: can't read BCC due to invalid WordCount(240)
>
> [Backport]
> Clean cherry-pick on all kernels. For 5.15 and earlier kernels, the file
> has been moved, hence the second patch version.
>
> [Potential regression]
> Failure to mount cifs or filesystem corruption on cifs mounts.
>
> Paulo Alcantara (1):
>    smb: client: fix OOB in smbCalcSize()
>
>   fs/smb/client/misc.c | 4 ++++
>   1 file changed, 4 insertions(+)
>

Roxana Nicolescu Jan. 4, 2024, 3:52 p.m. UTC | #3
On 03/01/2024 13:12, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An out-of-bounds access in cifs filesystem may lead to crashes or
> information leak.
>
> [Test case]
> A PoC from the kernel.org bugzilla was used and a different error message
> was present in dmesg as expected:
>
> [  518.358312] CIFS: VFS: checkSMB: can't read BCC due to invalid WordCount(240)
>
> [Backport]
> Clean cherry-pick on all kernels. For 5.15 and earlier kernels, the file
> has been moved, hence the second patch version.
>
> [Potential regression]
> Failure to mount cifs or filesystem corruption on cifs mounts.
>
> Paulo Alcantara (1):
>    smb: client: fix OOB in smbCalcSize()
>
>   fs/smb/client/misc.c | 4 ++++
>   1 file changed, 4 insertions(+)
>

Applied to mantic, lunar, jammy, focal master-next branches. Thanks!

Timo Aaltonen Jan. 8, 2024, 1:47 p.m. UTC | #4
Thadeu Lima de Souza Cascardo wrote on 3.1.2024 at 14.12:
> [Impact]
> An out-of-bounds access in cifs filesystem may lead to crashes or
> information leak.
> 
> [Test case]
> A PoC from the kernel.org bugzilla was used and a different error message
> was present in dmesg as expected:
> 
> [  518.358312] CIFS: VFS: checkSMB: can't read BCC due to invalid WordCount(240)
> 
> [Backport]
> Clean cherry-pick on all kernels. For 5.15 and earlier kernels, the file
> has been moved, hence the second patch version.
> 
> [Potential regression]
> Failure to mount cifs or filesystem corruption on cifs mounts.
> 
> Paulo Alcantara (1):
>    smb: client: fix OOB in smbCalcSize()
> 
>   fs/smb/client/misc.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

applied to oem-6.1-prep, thanks