| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Jan 2024 19:14:57 +0100
From: Ben Hutchings <benh@...ian.org>
To: Paulo Alcantara <pc@...guebit.com>, Salvatore Bonaccorso
<carnil@...ian.org>, Steve French <sfrench@...ba.org>, Ronnie Sahlberg
<lsahlber@...hat.com>, Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey
<tom@...pey.com>
Cc: linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org,
linux-kernel@...r.kernel.org
Subject: Re: Information on use-after-free in smb2_is_status_io_timeout()?
On Fri, 2024-01-05 at 11:04 -0300, Paulo Alcantara wrote:
> Salvatore Bonaccorso <carnil@...ian.org> writes:
>
> > There is a Red Hat bugzilla report in
> > https://bugzilla.redhat.com/show_bug.cgi?id=2154178 about a
> > use-after-free in smb2_is_status_io_timeout() . While the commit noted
> > initially there seems not correct, Ben Hutchings raised a question on
> > more information in
> > https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24 .
> >
> > (there is a CVE assigned for it, CVE-2023-1192)
>
> That is supposed to be fixed by
>
> d527f51331ca ("cifs: Fix UAF in cifs_demultiplex_thread()")
>
> While the commit refers to an UAF in ->is_network_name_deleted(), this
> should also work for smb2_is_status_io_timeout(), AFAICT.
I think that's a different UAF bug that happens to affect the same
function.
Ben.
--
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists