oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Details on this supposed Linux Kernel ksmbd RCE

From: Jan Schaumann <jschauma () netmeister org>
Date: Thu, 22 Dec 2022 16:49:04 -0500
Josh Bressers <josh () bress net> wrote:
 

I was wondering if anyone on the list has additional details about this ZDI
advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

There aren't many usable details at the moment


Agreed.

The advisories link to a changelog in
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
but it's unclear (to me) whether that implies v6.x
kernels are not affected?

Note also that this disclosure is accompanied by a few
others:

Authenticated remote information disclosure:
https://www.zerodayinitiative.com/advisories/ZDI-22-1691/

Unauthenticated remote DoS:
https://www.zerodayinitiative.com/advisories/ZDI-22-1687/

Authenticated RCE:
https://www.zerodayinitiative.com/advisories/ZDI-22-1688/

Authenticated DoS:
https://www.zerodayinitiative.com/advisories/ZDI-22-1689/

Lastly, given that this is a coordinated disclosure,
I don't know why there are no CVE IDs reserved for
these.

-Jan
Previous By Date Next
Previous By Thread Next

Current thread: