Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION requestfrom client. ksmbd find next smb2_ea_info using ->NextEntryOffset ofcurrent smb2_ea_info. ksmbd need to validate buffer length Beforeaccessing the next ea. ksmbd should check buffer length using buf_len,not next variable. next is the start offset of current ea that got fromprevious ea.
No PoCs from references.
- https://github.com/BitsByWill/ksmbd-n-day
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/fkie-cad/nvd-json-data-feeds