摘要:
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()
will always return the first request smb2 header in a compound request.
if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will
return 0, i.e. The tree id check is skipped.
This patch use ksmbd_req_buf_next() to get current command in compound.
安全等级: Low
公告ID: KylinSec-SA-2024-2233
发布日期: 2024年5月27日
关联CVE: CVE-2023-52442
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()
will always return the first request smb2 header in a compound request.
if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will
return 0, i.e. The tree id check is skipped.
This patch use ksmbd_req_buf_next() to get current command in compound.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-52442 | KY3.4-4A | kernel | Unaffected |
| CVE-2023-52442 | KY3.4-5A | kernel | Unaffected |
