摘要:

In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()If authblob->SessionKey.Length is bigger than session keysize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.cifs_arc4_crypt copy to session key array from SessionKey from client.

安全等级: Low

公告ID: KylinSec-SA-2024-2224

发布日期: 2024年5月27日

关联CVE: CVE-2023-52440