In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out of bounds in initsmb2rsp_hdr()
If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.