oss-sec mailing list archives

Re: Details on this supposed Linux Kernel ksmbd RCE


From: Marcus Meissner <meissner () suse de>
Date: Fri, 23 Dec 2022 17:21:29 +0100

Hi,

Mitre has assigned the following CVEs, also torvalds mainline commits:

ZDI-22-1687 - CVE-2022-47941
        aa7253c2393f6dcd6a1468b0792f6da76edad917
ZDI-22-1688 - CVE-2022-47942
        8f0541186e9ad1b62accc9519cc2b7a7240272a7
ZDI-22-1689 - CVE-2022-47938
        824d4f64c20093275f72fc8101394d75ff6a249e
ZDI-22-1690 - CVE-2022-47939
        a54c509c32adba9d136f2b9d6a075e8cae1b6d27
ZDI-22-1691 - CVE-2022-47940
        158a66b245739e15858de42c0ba60fcf3de9b8e6

Mitre also assigned one from the stable patch that was not in the ZDI set - CVE-2022-47943
        ac60778b87e45576d7bfdbd6f53df902654e6f09

        (I did not request that in my batch, Mitre seemed to have
        picked this from the stable patch.)

I mistakenly declared 5.13-5.19 affectedness to Mitre in a hurry,
but it is more 5.15 - 5.18.x / 5.19.x

Ciao, Marcus


On Thu, Dec 22, 2022 at 04:49:04PM -0500, Jan Schaumann wrote:
> Josh Bressers <josh () bress net> wrote:
>
> > I was wondering if anyone on the list has additional details about this ZDI
> > advisory
> > https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
> >
> > There aren't many usable details at the moment
>
> Agreed.
>
> The advisories link to a changelog in
> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
> but it's unclear (to me) whether that implies v6.x
> kernels are not affected?
>
> Note also that this disclosure is accompanied by a few
> others:
>
> Authenticated remote information disclosure:
> https://www.zerodayinitiative.com/advisories/ZDI-22-1691/
>
> Unauthenticated remote DoS:
> https://www.zerodayinitiative.com/advisories/ZDI-22-1687/
>
> Authenticated RCE:
> https://www.zerodayinitiative.com/advisories/ZDI-22-1688/
>
> Authenticated DoS:
> https://www.zerodayinitiative.com/advisories/ZDI-22-1689/
>
> Lastly, given that this is a coordinated disclosure,
> I don't know why there are no CVE IDs reserved for
> these.
>
> -Jan

-- 
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg

