In the Linux kernel, the following vulnerability has been...
Unreviewed
Published
Feb 21, 2024
to the GitHub Advisory Database
•
Updated May 1, 2024
Description
Published by the National Vulnerability Database
Feb 21, 2024
Published to the GitHub Advisory Database
Feb 21, 2024
Last updated
May 1, 2024
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
smb2_get_msg()
in smb2_get_ksmbd_tcon() and smb2_check_user_session()will always return the first request smb2 header in a compound request.
if
SMB2_TREE_CONNECT_HE
is the first command in compound request, willreturn 0, i.e. The tree id check is skipped.
This patch use ksmbd_req_buf_next() to get current command in compound.
References