References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate EaNameLength in smb2_get_ea()

smb2_get_ea() reads ea_req->EaNameLength from the client request and
passes it directly to strncmp() as the comparison length without
verifying that the length of the name really is the size of the input
buffer received.

Fix this up by properly checking the size of the name based on the value
received and the overall size of the request, to prevent a later
strncmp() call to use the length as a "trusted" size of the buffer.
Without this check, uninitialized heap values might be slowly leaked to
the client.

https://git.kernel.org/stable/c/243b206bcb5a7137e8bddd57b2eec81e1ebd3859

https://git.kernel.org/stable/c/3363a770b193f555f29d76ddf4ced3305c0ccf6d

https://git.kernel.org/stable/c/551dfb15b182abad4600eaf7b37e6eb7000d5b1b

https://git.kernel.org/stable/c/dfc6878d14acafffbe670bf2576620757a10a3d8