oss-sec mailing list archives
5 Linux kernel ksmbd vulnerabilities
From: daniel <sd () x17 eu>
Date: Mon, 18 Mar 2024 21:59:12 +0100
Recently two batches of Linux kernel ksmbd vulnerabilities became public. Please find here an overview, the attached ZDI information and the corresponding links to the Linux kernel cve announce messages with further information.

###
## batch one
###

CVE             Link
--------------+---------------------------------------------------------+-----
CVE-2024-26594  https://www.zerodayinitiative.com/advisories/ZDI-24-194/
CVE-2024-26592  https://www.zerodayinitiative.com/advisories/ZDI-24-195/

Vendor notified: 2024-01-11
Coordinated public release date: 2024-02-23

Fixed in following kernels:
Fixed in 6.1.75
Fixed in 6.6.14
Fixed in 6.7.2
Fixed in 6.8-rc1

https://lore.kernel.org/linux-cve-announce/2024022259-CVE-2024-26592-58f7@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/

###
## batch two
###

CVE             Link
--------------+---------------------------------------------------------+-----
CVE-2023-52442  https://www.zerodayinitiative.com/advisories/ZDI-24-227/
CVE-2023-52441  https://www.zerodayinitiative.com/advisories/ZDI-24-228/
CVE-2023-52440  https://www.zerodayinitiative.com/advisories/ZDI-24-229/

Vendor notified: 2023-07-18 - 2023-08-24
Coordinated public release date: 2024-03-01

Fixed in following kernels:
Fixed in 5.15.145
Fixed in 6.1.53
Fixed in 6.4.16
Fixed in 6.5

https://lore.kernel.org/linux-cve-announce/2024022132-unvented-arguably-5ea9@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022129-gently-activity-ca7d@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022123-glance-wrinkle-26c1@gregkh/T/#u

###
## links to reports of older ksmbd vulnerabilities
###

https://www.openwall.com/lists/oss-security/2023/01/04/1
https://www.openwall.com/lists/oss-security/2022/12/22/8

Attachment: ZDI-24-194-ZDI-CAN-22890-CVE-2024-26594.txt
Attachment: ZDI-24-195-ZDI-CAN-22991-CVE-2024-26592.txt
Attachment: ZDI-24-227-ZDI-CAN-21506-CVE-2023-52442.txt
Attachment: ZDI-24-228-ZDI-CAN-21541-CVE-2023-52441.txt
Attachment: ZDI-24-229-ZDI-CAN-21940-CVE-2023-52440.txt