oss-sec mailing list archives
Re: 5 Linux kernel ksmbd vulnerabilities
From: Hauke Mehrtens <hauke () hauke-m de>
Date: Wed, 20 Mar 2024 01:32:25 +0100
On 3/19/24 04:30, Alexander E. Patrakov wrote:
On Tue, Mar 19, 2024 at 6:11 AM daniel <sd () x17 eu> wrote:Recently two batches of Linux kernel ksmbd vulnerabilities became public. Please find here an overview, the attached ZDI information and the corresponding links to the Linux kernel cve announce messages with further information.I am personally worried about the situation with OpenWrt which would need a new stable release to address this. However, they use a manual backport of this to the 5.15.x kernel.
Hi,OpenWrt 23.05 uses kernel 5.15 and the ksmbd implementation found in this upstream kernel version. OpenWrt plans to do a new service release 23.05.3 in the next days anyway with kernel 5.15.150. This should contain all needed fixes.
OpenWrt 22.03 uses ksmbd from https://github.com/cifsd-team/ksmbd in version 3.4.7. This is probably affected by these problems. Maybe we will update this to 3.4.9 or backport the patches fixing security problems. OpenWrt 22.03 will be EoL in April 2024 anyway.
Hauke
Current thread:
- 5 Linux kernel ksmbd vulnerabilities daniel (Mar 18)
- Re: 5 Linux kernel ksmbd vulnerabilities Alexander E. Patrakov (Mar 18)
- Re: 5 Linux kernel ksmbd vulnerabilities Hauke Mehrtens (Mar 20)
- Re: 5 Linux kernel ksmbd vulnerabilities Alexander E. Patrakov (Mar 18)