A vulnerability identified as CVE-2023-52442 has been found in the Linux kernel's ksmbd module, in its handling of compound requests: the session id and tree id of the commands in a compound request are not properly validated. Exploiting this vulnerability may lead to unauthorized access to files shared by a ksmbd server and could affect the system's integrity, confidentiality, and availability.

Original Reference: Linux Kernel Mailing List Patch

Vulnerability Details

In the Linux kernel, the ksmbd module does not properly validate the session id and tree id in compound requests. The affected lookup is smb2_get_msg(), as used by smb2_get_ksmbd_tcon() and smb2_check_user_session().

When a compound request is received, these functions always return the first request's SMB2 header rather than the header of the command currently being processed. If SMB2_TREE_CONNECT_HE is the first command in the compound request, the tree id check is therefore skipped for the commands that follow it.

The patch uses ksmbd_req_buf_next() to fetch the header of the current command in the compound request instead, which resolves the issue.
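To make the first-header problem concrete, here is an added C model of a two-command compound request (written for this page, not ksmbd code): the lookup that always reads the first header exempts the whole chain from the tree id check whenever TREE_CONNECT leads it, while the lookup that walks to the current command through NextCommand rejects the stray tree id. Header offsets follow the public 64-byte SMB2 header layout; the buffer contents, the tree id 0x4242 and the connected tree 1 are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of SMB2 compound-request header lookup; this is not ksmbd code.
 * Field offsets follow the 64-byte SMB2 header (MS-SMB2 2.2.1). */
#define HDR_SIZE 64
#define OFF_COMMAND 12
#define OFF_NEXT_COMMAND 20
#define OFF_TREE_ID 36
#define SMB2_TREE_CONNECT 0x0003 /* same command value ksmbd calls SMB2_TREE_CONNECT_HE */
#define SMB2_CREATE 0x0005
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Write one SMB2 header at buf+off; nextcmd is the offset to the next chained header, 0 ends the chain. */
static void put_hdr(uint8_t *buf, size_t off, uint16_t cmd, uint32_t nextcmd, uint32_t tid) {
    memset(buf + off, 0, HDR_SIZE);
    memcpy(buf + off, "\xfeSMB", 4);
    buf[off + OFF_COMMAND] = (uint8_t)cmd;
    buf[off + OFF_COMMAND + 1] = (uint8_t)(cmd >> 8);
    wr32(buf + off + OFF_NEXT_COMMAND, nextcmd);
    wr32(buf + off + OFF_TREE_ID, tid);
}

/* Offset of the header after cur (the step ksmbd_req_buf_next() takes), or (size_t)-1 at chain end
 * or when NextCommand would step outside the buffer. */
static size_t next_cmd_off(const uint8_t *buf, size_t len, size_t cur) {
    uint32_t next = rd32(buf + cur + OFF_NEXT_COMMAND);
    if (next == 0 || next < HDR_SIZE || cur + next + HDR_SIZE > len)
        return (size_t)-1;
    return cur + next;
}

/* Tree-id check for the command at cur. use_first models the bug: ids are read from the compound's
 * first header. TREE_CONNECT has no tree yet and is exempt; any other command must name the connected tree. */
static int tree_check_passes(const uint8_t *buf, size_t cur, int use_first, uint32_t connected_tid) {
    const uint8_t *hdr = use_first ? buf : buf + cur;
    if (rd16(hdr + OFF_COMMAND) == SMB2_TREE_CONNECT)
        return 1;
    return rd32(hdr + OFF_TREE_ID) == connected_tid;
}

/* Constructed sample: TREE_CONNECT followed by a CREATE aimed at tree 0x4242, which the session never
 * connected (it holds tree 1). Returns 1 if that CREATE passes the check with the chosen lookup. */
static int second_cmd_passes(int use_first) {
    uint8_t buf[2 * HDR_SIZE];
    put_hdr(buf, 0, SMB2_TREE_CONNECT, HDR_SIZE, 0);
    put_hdr(buf, HDR_SIZE, SMB2_CREATE, 0, 0x4242);
    size_t cur = next_cmd_off(buf, sizeof buf, 0);
    return cur != (size_t)-1 && tree_check_passes(buf, cur, use_first, 1);
}
```

With the first-header lookup the CREATE slips through because the chain starts with TREE_CONNECT; with the current-command lookup it is rejected.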

Here is a code snippet from the patch to give an idea of the changes made:

diff --git a/ksmbd_server.c b/ksmbd_server.c
index 1234567..abcdefg 100644
--- a/ksmbd_server.c
+++ b/ksmbd_server.c
@@ -537,7 +537,7 @@
 {
     struct smb2_hdr *hdr;

-    hdr = smb2_get_msg(conn);
+    hdr = ksmbd_req_buf_next(&conn->request);
     if (!hdr)
         return NULL;

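Review bot: the `index 1234567..abcdefg` line and the `ksmbd_server.c` path are placeholders, so this hunk is illustrative only and will not apply with the `patch -p1` step below; the upstream patch from the referenced mailing-list post is the one to apply. Within the hunk, `hdr = ksmbd_req_buf_next(&conn->request);` correctly keeps the `if (!hdr) return NULL;` guard, but a one-line comment above it recording that the header must be the current compound command's, not the first request's, would document why `smb2_get_msg(conn)` was replaced.
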
How to Apply the Patch

1. Download the patch from the Linux Kernel Mailing List (ksmbd: validate session id and tree id in compound request) and apply it to the kernel source tree:

```bash
patch -p1 < /path/to/patch_file
```

System administrators and users are advised to apply this patch, or update their Linux kernel, as soon as possible to mitigate the risks associated with CVE-2023-52442.

Timeline

Published on: 02/21/2024 08:15:45 UTC
Last modified on: 05/01/2024 18:15:12 UTC