References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"),
response buffer management was changed to use dynamic iov array.
In the new design, smb2_calc_max_out_buf_len() expects the second
argument (hdr2_len) to be the offset of ->Buffer field in the
response structure, not a hardcoded magic number.
Fix the remaining call sites to use the correct offsetof() value.

https://git.kernel.org/stable/c/0e55f63dd08f09651d39e1b709a91705a8a0ddcb

https://git.kernel.org/stable/c/4cb537ae4f37d7d0f617815ed4bed7173fb50861

https://git.kernel.org/stable/c/6aef1765d6807e0f027cd87f6ac973eb0879a46d

https://git.kernel.org/stable/c/70b4c414889492c522b6e4331562360f49be2361

https://git.kernel.org/stable/c/80824c7e527b70cf9039534e60aff592e8f209d1

https://git.kernel.org/stable/c/9a7166f0ef8cbb7bb48dd05e2471d995566003f5

https://git.kernel.org/stable/c/c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683