<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
5 Linux kernel ksmbd vulnerabilities
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: daniel <sd () x17 eu>
Date: Mon, 18 Mar 2024 21:59:12 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Recently two batches of Linux kernel ksmbd vulnerabilities became public.
Please find here an overview, the attached ZDI information and the
corresponding links to the Linux kernel cve announce messages with
further information.
###
## batch one
###
CVE Link
--------------+---------------------------------------------------------+-----
CVE-2024-26594 https://www.zerodayinitiative.com/advisories/ZDI-24-194/
CVE-2024-26592 https://www.zerodayinitiative.com/advisories/ZDI-24-195/
Vendor notified: 2024-01-11
Coordinated public release date: 2024-02-23
Fixed in following kernels:
Fixed in 6.1.75
Fixed in 6.6.14
Fixed in 6.7.2
Fixed in 6.8-rc1
https://lore.kernel.org/linux-cve-announce/2024022259-CVE-2024-26592-58f7@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/
###
## batch two
###
CVE Link
--------------+---------------------------------------------------------+-----
CVE-2023-52442 https://www.zerodayinitiative.com/advisories/ZDI-24-227/
CVE-2023-52441 https://www.zerodayinitiative.com/advisories/ZDI-24-228/
CVE-2023-52440 https://www.zerodayinitiative.com/advisories/ZDI-24-229/
Vendor notified: 2023-07-18 - 2023-08-24
Coordinated public release date: 2024-03-01
Fixed in following kernels:
Fixed in 5.15.145
Fixed in 6.1.53
Fixed in 6.4.16
Fixed in 6.5
https://lore.kernel.org/linux-cve-announce/2024022132-unvented-arguably-5ea9@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022129-gently-activity-ca7d@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022123-glance-wrinkle-26c1@gregkh/T/#u
###
## links to reports of older ksmbd vulnerabilities
###
https://www.openwall.com/lists/oss-security/2023/01/04/1
https://www.openwall.com/lists/oss-security/2022/12/22/8Attachment:
ZDI-24-194-ZDI-CAN-22890-CVE-2024-26594.txt
Description:
Attachment:
ZDI-24-195-ZDI-CAN-22991-CVE-2024-26592.txt
Description:
Attachment:
ZDI-24-227-ZDI-CAN-21506-CVE-2023-52442.txt
Description:
Attachment:
ZDI-24-228-ZDI-CAN-21541-CVE-2023-52441.txt
Description:
Attachment:
ZDI-24-229-ZDI-CAN-21940-CVE-2023-52440.txt
Description:
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
5 Linux kernel ksmbd vulnerabilities daniel (Mar 18)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->