Vulnerabilities > CVE-2023-52442 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693
- https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693
- https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e
- https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e
- https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac
- https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac
- https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f
- https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f