Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2_set_ea function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null terminating character (+1 byte) for EA Name. This patch fixes the issue by explicitly adding '+ 1' to EaNameLength where the null terminator is expected to be present in the buffer, ensuring the validation accurately reflects the total required buffer size.
Product status
d070c4dd2a5bed4e9832eec5b6c029c7d14892ea (git) before cae52c592a07e1d3fa3338a5f064a374a5f26750
0ba5439d9afa2722e7728df56f272c89987540a4 (git) before a28a375a5439eb474e9f284509a407efb479c925
0ba5439d9afa2722e7728df56f272c89987540a4 (git) before d26af6d14da43ab92d07bc60437c62901dc522e6
0ba5439d9afa2722e7728df56f272c89987540a4 (git) before 6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4
0ba5439d9afa2722e7728df56f272c89987540a4 (git) before 95d7a890e4b03e198836d49d699408fd1867cb55
bb5bf157b5be1643cccc7cbbe57fcdef9ae52c2c (git)
1a13ecb96230e8b7b91967e292836f7b01ec8111 (git)
404e7c01e16288b5e0171d1d8fd3328e806d0794 (git)
6.6
Any version before 6.6
6.1.160 (semver)
6.6.120 (semver)
6.12.64 (semver)
6.18.3 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/cae52c592a07e1d3fa3338a5f064a374a5f26750
git.kernel.org/...c/a28a375a5439eb474e9f284509a407efb479c925
git.kernel.org/...c/d26af6d14da43ab92d07bc60437c62901dc522e6
git.kernel.org/...c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4
git.kernel.org/...c/95d7a890e4b03e198836d49d699408fd1867cb55