Description
In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of referrals smaller than NumberOfReferrals in the header Processing of such replies will cause oob. Return -EINVAL error on such replies to prevent oob-s.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before cfacc7441f760e4a73cc71b6ff1635261d534657
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 15c73964da9df994302f579ed14ee5fdbce7a332
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before bb0f2e66e1ac043a5b238f5bcab4f26f3c317039
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 6447b0e355562a1ff748c4a2ffb89aae7e84d2c9
6.1.158 (semver)
6.6.114 (semver)
6.12.55 (semver)
6.17.5 (semver)
6.18-rc2 (original_commit_for_fix)
References
git.kernel.org/...c/cfacc7441f760e4a73cc71b6ff1635261d534657
git.kernel.org/...c/15c73964da9df994302f579ed14ee5fdbce7a332
git.kernel.org/...c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058
git.kernel.org/...c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039
git.kernel.org/...c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9
