In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate payload size in ipc response
If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.
[
{
"signature_type": "Function",
"id": "CVE-2024-26811-05cee5cc",
"target": {
"function": "share_config_request",
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"function_hash": "246611618478155897205051553898405311301",
"length": 1788.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-230a629c",
"target": {
"file": "fs/ksmbd/ksmbd_netlink.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60171967568202088979183659326108897835",
"304638336325208610505279394516282522771",
"20024411550026699470194089352243676218",
"14025793138563275789458517033069258883"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-26ac8e1f",
"target": {
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244625803570367558373072335254940995808",
"277842254308658267667482297146843758399",
"333130857611691896191982162196718750197",
"18480821472631567648027942180675789610",
"46129976899755702358984268191631254047",
"217900210672844464657320267223798011389",
"158513511586897271163260741496000594927",
"337231024548950079396576481752227376327",
"118765164267048846104531118822021209183",
"155531566410928152591413716174104333593",
"6767275117398538021322497064504119073",
"12451005480390118018548155953498874538",
"111526588661756291921344645652920451156",
"51417053768288194779721102102013736728",
"17161267900228918996263269930833310607"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-2f88725c",
"target": {
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244625803570367558373072335254940995808",
"277842254308658267667482297146843758399",
"333130857611691896191982162196718750197",
"18480821472631567648027942180675789610",
"46129976899755702358984268191631254047",
"217900210672844464657320267223798011389",
"158513511586897271163260741496000594927",
"337231024548950079396576481752227376327",
"118765164267048846104531118822021209183",
"155531566410928152591413716174104333593",
"6767275117398538021322497064504119073",
"12451005480390118018548155953498874538",
"111526588661756291921344645652920451156",
"51417053768288194779721102102013736728",
"17161267900228918996263269930833310607"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-34ce4818",
"target": {
"function": "share_config_request",
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"function_hash": "246611618478155897205051553898405311301",
"length": 1788.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-4c6a99eb",
"target": {
"file": "fs/smb/server/ksmbd_netlink.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60171967568202088979183659326108897835",
"304638336325208610505279394516282522771",
"20024411550026699470194089352243676218",
"14025793138563275789458517033069258883"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-4c8821a1",
"target": {
"file": "fs/smb/server/ksmbd_netlink.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60171967568202088979183659326108897835",
"304638336325208610505279394516282522771",
"20024411550026699470194089352243676218",
"14025793138563275789458517033069258883"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-4f75c5ba",
"target": {
"function": "share_config_request",
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"function_hash": "246611618478155897205051553898405311301",
"length": 1788.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-609b4e7c",
"target": {
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160439146256148014774627451003568562168",
"4799773111573394985550617367607394653",
"4468041300066797673729032995308599101",
"101182376019647492569653479481107569713"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-65d07d88",
"target": {
"function": "handle_response",
"file": "fs/ksmbd/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"function_hash": "284489075571333709635840878561088885838",
"length": 713.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-6a520172",
"target": {
"function": "ipc_msg_send_request",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"function_hash": "175327262675171358434349699394629419198",
"length": 643.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-6d0d36b3",
"target": {
"function": "ipc_msg_send_request",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"function_hash": "175327262675171358434349699394629419198",
"length": 643.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-7066db30",
"target": {
"function": "handle_response",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"function_hash": "284489075571333709635840878561088885838",
"length": 713.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-7b425ca9",
"target": {
"function": "handle_response",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"function_hash": "284489075571333709635840878561088885838",
"length": 713.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-81ce4529",
"target": {
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160439146256148014774627451003568562168",
"4799773111573394985550617367607394653",
"4468041300066797673729032995308599101",
"101182376019647492569653479481107569713"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-85cb36a4",
"target": {
"function": "ipc_msg_send_request",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"function_hash": "175327262675171358434349699394629419198",
"length": 643.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-867e906d",
"target": {
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244625803570367558373072335254940995808",
"277842254308658267667482297146843758399",
"333130857611691896191982162196718750197",
"18480821472631567648027942180675789610",
"46129976899755702358984268191631254047",
"217900210672844464657320267223798011389",
"158513511586897271163260741496000594927",
"337231024548950079396576481752227376327",
"118765164267048846104531118822021209183",
"155531566410928152591413716174104333593",
"6767275117398538021322497064504119073",
"12451005480390118018548155953498874538",
"111526588661756291921344645652920451156",
"51417053768288194779721102102013736728",
"17161267900228918996263269930833310607"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-9ff7c15f",
"target": {
"file": "fs/smb/server/ksmbd_netlink.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60171967568202088979183659326108897835",
"304638336325208610505279394516282522771",
"20024411550026699470194089352243676218",
"14025793138563275789458517033069258883"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-a5da566b",
"target": {
"file": "fs/ksmbd/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160439146256148014774627451003568562168",
"4799773111573394985550617367607394653",
"4468041300066797673729032995308599101",
"101182376019647492569653479481107569713"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-a662782a",
"target": {
"file": "fs/smb/server/ksmbd_netlink.h"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60171967568202088979183659326108897835",
"304638336325208610505279394516282522771",
"20024411550026699470194089352243676218",
"14025793138563275789458517033069258883"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-a7fd08ea",
"target": {
"function": "ipc_msg_send_request",
"file": "fs/ksmbd/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"function_hash": "175327262675171358434349699394629419198",
"length": 643.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-af23d058",
"target": {
"function": "handle_response",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"function_hash": "284489075571333709635840878561088885838",
"length": 713.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-c2142475",
"target": {
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160439146256148014774627451003568562168",
"4799773111573394985550617367607394653",
"4468041300066797673729032995308599101",
"101182376019647492569653479481107569713"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-c25c59ee",
"target": {
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76af689a45aa44714b46d1a7de4ffdf851ded896",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244625803570367558373072335254940995808",
"277842254308658267667482297146843758399",
"333130857611691896191982162196718750197",
"18480821472631567648027942180675789610",
"46129976899755702358984268191631254047",
"217900210672844464657320267223798011389",
"158513511586897271163260741496000594927",
"337231024548950079396576481752227376327",
"118765164267048846104531118822021209183",
"155531566410928152591413716174104333593",
"6767275117398538021322497064504119073",
"12451005480390118018548155953498874538",
"111526588661756291921344645652920451156",
"51417053768288194779721102102013736728",
"17161267900228918996263269930833310607"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-c3aedade",
"target": {
"function": "share_config_request",
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a637fabac554270a851033f5ab402ecb90bc479c",
"digest": {
"function_hash": "246611618478155897205051553898405311301",
"length": 1788.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-c5062fbf",
"target": {
"file": "fs/ksmbd/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244625803570367558373072335254940995808",
"277842254308658267667482297146843758399",
"333130857611691896191982162196718750197",
"18480821472631567648027942180675789610",
"46129976899755702358984268191631254047",
"217900210672844464657320267223798011389",
"158513511586897271163260741496000594927",
"337231024548950079396576481752227376327",
"118765164267048846104531118822021209183",
"155531566410928152591413716174104333593",
"6767275117398538021322497064504119073",
"12451005480390118018548155953498874538",
"111526588661756291921344645652920451156",
"51417053768288194779721102102013736728",
"17161267900228918996263269930833310607"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-d1c0dc04",
"target": {
"function": "share_config_request",
"file": "fs/ksmbd/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"digest": {
"function_hash": "246611618478155897205051553898405311301",
"length": 1788.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-efbfd5e0",
"target": {
"function": "ipc_msg_send_request",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"function_hash": "175327262675171358434349699394629419198",
"length": 643.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26811-efe3d8e4",
"target": {
"function": "handle_response",
"file": "fs/smb/server/transport_ipc.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"function_hash": "284489075571333709635840878561088885838",
"length": 713.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26811-f6b4e8b7",
"target": {
"file": "fs/smb/server/mgmt/share_config.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"digest": {
"threshold": 0.9,
"line_hashes": [
"160439146256148014774627451003568562168",
"4799773111573394985550617367607394653",
"4468041300066797673729032995308599101",
"101182376019647492569653479481107569713"
]
}
}
]