Page 191 of 3029 results (0.029 seconds)

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: validar la identificación de la sesión y la identificación del árbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolverá el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolverá 0, es decir, se omite la verificación de identificación del árbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693 https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e •

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrección fuera de los límites en init_smb2_rsp_hdr() Si el cliente envía una solicitud de negociación smb2 y luego envía una solicitud de negociación smb1, se llama a init_smb2_rsp_hdr para la solicitud de negociación smb1 ya que need_neg está configurado en falso. Este parche ignora los paquetes smb1 después de que ->need_neg se establece en falso. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige el desbordamiento de slub en ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length es mayor que el tamaño de la clave de sesión (CIFS_KEY_SIZE), puede ocurrir un desbordamiento de slub en los códigos de intercambio de claves. cifs_arc4_crypt copia a la matriz de claves de sesión desde SessionKey del cliente. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of session keys. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. • https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809 https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4 https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20 https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina explícitamente en nulo la lista xattr Al configurar un xattr, termina explícitamente en nulo la lista xattr. Esto elimina la frágil suposición de que el espacio xattr no utilizado siempre se pone a cero. • https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135 https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52 https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11 https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36 https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a •

CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000 R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ? srso_alias_return_thunk+0x5/0xfbef5 ? • https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5 https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48 https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29 https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://access.redhat.com/security/cve/CVE-2023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •