Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2024-26594 CVE-2024-26592 CVE-2023-52442 CVE-2023-52441 CVE-2023-52440

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
5 Linux kernel ksmbd vulnerabilities

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: daniel &lt;sd () x17 eu&gt;

Date: Mon, 18 Mar 2024 21:59:12 +0100

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Recently two batches of Linux kernel ksmbd vulnerabilities became public.

Please find here an overview, the attached ZDI information and the 
corresponding links to the Linux kernel cve announce messages with 
further information.

###
##      batch one
###
CVE            Link
--------------+---------------------------------------------------------+-----
CVE-2024-26594 https://www.zerodayinitiative.com/advisories/ZDI-24-194/
CVE-2024-26592 https://www.zerodayinitiative.com/advisories/ZDI-24-195/

Vendor notified: 2024-01-11
Coordinated public release date: 2024-02-23

Fixed in following kernels:
Fixed in 6.1.75
Fixed in 6.6.14
Fixed in 6.7.2
Fixed in 6.8-rc1

https://lore.kernel.org/linux-cve-announce/2024022259-CVE-2024-26592-58f7@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc%40gregkh/

###
##      batch two
###
CVE            Link
--------------+---------------------------------------------------------+-----
CVE-2023-52442 https://www.zerodayinitiative.com/advisories/ZDI-24-227/
CVE-2023-52441 https://www.zerodayinitiative.com/advisories/ZDI-24-228/
CVE-2023-52440 https://www.zerodayinitiative.com/advisories/ZDI-24-229/

Vendor notified: 2023-07-18 - 2023-08-24
Coordinated public release date: 2024-03-01

Fixed in following kernels:
Fixed in 5.15.145
Fixed in 6.1.53
Fixed in 6.4.16
Fixed in 6.5

https://lore.kernel.org/linux-cve-announce/2024022132-unvented-arguably-5ea9@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022129-gently-activity-ca7d@gregkh/T/#u
https://lore.kernel.org/linux-cve-announce/2024022123-glance-wrinkle-26c1@gregkh/T/#u

###
##      links to reports of older ksmbd vulnerabilities
###
https://www.openwall.com/lists/oss-security/2023/01/04/1
https://www.openwall.com/lists/oss-security/2022/12/22/8Attachment:
ZDI-24-194-ZDI-CAN-22890-CVE-2024-26594.txt
Description: 
Attachment:
ZDI-24-195-ZDI-CAN-22991-CVE-2024-26592.txt
Description: 
Attachment:
ZDI-24-227-ZDI-CAN-21506-CVE-2023-52442.txt
Description: 
Attachment:
ZDI-24-228-ZDI-CAN-21541-CVE-2023-52441.txt
Description: 
Attachment:
ZDI-24-229-ZDI-CAN-21940-CVE-2023-52440.txt
Description: 

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

5 Linux kernel ksmbd vulnerabilities daniel (Mar 18)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

5 Linux kernel ksmbd vulnerabilities

Vulmon Search

About

Products

Connect