In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab out of bounds write in smb_inherit_dacl()
The slab out-of-bounds write occurs when the offsets are larger than the
pntsd allocation size. This patch adds a check that validates the 3 offsets
against the allocation size.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/smb/server/smbacl.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "aaf0a07d6088",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "8387c94d73ec",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "09d9d8b40a33",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "712e01f32e57",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "eebff19acaa3",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/smb/server/smbacl.c"
],
"versions": [
{
"version": "5.15.140",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.64",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.5.13",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.3",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70
git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb
git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa
git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819
git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb