Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a02e432d5130da4c723aabe1205bac805889fdb2
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 2dc125f5da134c0915a840b62565c60a595673dd
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 898d527ed94c19980a4d848f10057f1fed578ffb
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 867ffd9d67285612da3f0498ca618297f8e41f01
6.1.158 (semver)
6.6.115 (semver)
6.12.56 (semver)
6.17.6 (semver)
References
git.kernel.org/...c/a02e432d5130da4c723aabe1205bac805889fdb2
git.kernel.org/...c/2dc125f5da134c0915a840b62565c60a595673dd
git.kernel.org/...c/898d527ed94c19980a4d848f10057f1fed578ffb
git.kernel.org/...c/867ffd9d67285612da3f0498ca618297f8e41f01
