oss-sec mailing list archives
Re: Details on this supposed Linux Kernel ksmbd RCE
From: Eric Biggers <ebiggers () kernel org>
Date: Fri, 23 Dec 2022 00:41:11 -0800
On Fri, Dec 23, 2022 at 09:17:28AM +0100, Marcus Meissner wrote:
Hi folks, tldr: I requested 5 CVEs for the new ZDI issues Josh and Jan referenced. long form: Nice surprise 1 day before Christmas.
Note that these bugs were already fixed in upstream and all affected Long Term Support (LTS) kernels months ago. So this is really only a "surprise" for people who choose to use known buggy and insecure kernels that don't follow LTS. Anyway, these sorts of bugs are totally predictable in a complex, new network filesystem server (ksmbd). Personally I recommend not using ksmbd. - Eric
Current thread:
- Details on this supposed Linux Kernel ksmbd RCE Josh Bressers (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Jan Schaumann (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Eric Biggers (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Jeffrey Walton (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Sasha Levin (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
- Re: Details on this supposed Linux Kernel ksmbd RCE Jan Schaumann (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 31)