lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAKYAXd-v9r0kKU9wO1ZZAtFju4H+OsG8RA3iYd15=eR6d5VEaQ@mail.gmail.com>
Date: Thu, 23 Oct 2025 08:13:33 +0900
From: Namjae Jeon <linkinjeon@...nel.org>
To: くさあさ <pioooooooooip@...il.com>
Cc: Steve French <smfrench@...il.com>, Sergey Senozhatsky <senozhatsky@...omium.org>, 
	Tom Talpey <tom@...pey.com>, linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org, 
	gregkh@...uxfoundation.org, stable@...r.kernel.org
Subject: Re: [PATCH] ksmbd: transport_ipc: validate payload size before
 reading handle

On Wed, Oct 22, 2025 at 7:45 PM くさあさ <pioooooooooip@...il.com> wrote:
>
> Hi Namjae, Steve,
Hi,
>
> Thanks for updating the patch. I’ve reviewed the changes and they look good to me.
Okay.
>
> Minor impact note: this patch prevents a 4-byte out-of-bounds read in ksmbd’s handle_response() when the declared Generic Netlink payload size is < 4.
> If a remote client can influence ksmbd.mountd to emit a truncated payload, this could be remotely triggerable (info-leak/DoS potential).
I don't understand how this is possible. Could you please explain it
to me via private email?
> If you consider this security-impacting, I’m happy to request a CVE via the kernel.org CNA.
>
> Thanks!!
> Qianchang Zhao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ