CVE-2023-52442

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate session id and tree id in compound request

smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if SMB2_TREE_CONNECT_HE is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 017d85c94f02090a87f4a473dbe0d6ee0da72693affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < becb5191d1d5fdfca0198a2e37457bbbf4fe266faffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 4c2b350b2e269e3fd17bbfa42de1b42775b777acaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 3df0411e132ee74a87aa13142dfd2b190275332eaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.145 <= 5.15.*unaffected
LinuxLinux6.1.53 <= 6.1.*unaffected
LinuxLinux6.4.16 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References