An out-of-bounds (OOB) memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset
in the parse_lease_state()
function, the create_context
object can access invalid memory.