In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential OOBs in smb2_parse_contexts()
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
References
Configurations
Configuration 1 (hide)
|
History
25 Jun 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 May 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2024, 14:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5 - Patch | |
References | () https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa - Patch | |
References | () https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29 - Patch | |
References | () https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48 - Patch | |
References | () https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
First Time |
Linux linux Kernel
Linux |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-119 |
01 Mar 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
20 Feb 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-20 18:15
Updated : 2024-06-25 22:15
NVD link : CVE-2023-52434
Mitre link : CVE-2023-52434
CVE.ORG link : CVE-2023-52434
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer