CVE-2023-52441

If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

330d900620dfc9893011d725b3620cd2ee0bc2bc

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

aa669ef229ae8dd779da9caa24e254964545895f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

536bb492d39bb6c080c92f31e8a55fe9934f452b

Affected versions

v5.*

v5.13

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.105

v5.15.106

v5.15.107

v5.15.108

v5.15.109

v5.15.11

v5.15.110

v5.15.111

v5.15.112

v5.15.113

v5.15.114

v5.15.115

v5.15.116

v5.15.117

v5.15.118

v5.15.119

v5.15.12

v5.15.120

v5.15.121

v5.15.122

v5.15.123

v5.15.124

v5.15.125

v5.15.126

v5.15.127

v5.15.128

v5.15.129

v5.15.13

v5.15.130

v5.15.131

v5.15.132

v5.15.133

v5.15.134

v5.15.135

v5.15.136

v5.15.137

v5.15.138

v5.15.139

v5.15.14

v5.15.140

v5.15.141

v5.15.142

v5.15.143

v5.15.144

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.10

v6.4.11

v6.4.12

v6.4.13

v6.4.14

v6.4.15

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5-rc1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-14c866a6",
        "target": {
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "173352020502345719275340724949288210433",
                "280152463001151705998741686463664270931",
                "337949439912508131290275700067888545828",
                "200619879318667584615608008312590517664",
                "72385190931596526652108879029666590024",
                "123126215961323645447620909806764606336",
                "115847744212080013139259942853543222786",
                "158046079938230438873292913319652856441"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-1df90568",
        "target": {
            "file": "fs/ksmbd/smb_common.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "94283527507762820835921480031921744430",
                "6245953505231723122449260122185633930",
                "22856095438797024207365219585758977215",
                "325378687612157433563645912259933135334",
                "269332618840291076650532730920899349340",
                "91588852982791714042086114600608151935",
                "320523078801493798187400601349863556121",
                "223141616982208762824593897946016613602",
                "67576445254522037231568963663129297546",
                "218720935405026281725529185992420071260",
                "110562397915241217497804204398645432489",
                "57755987186532112466565507163128348629",
                "238925677228058851030594640405314268179",
                "15181436838734716300284682690366366920",
                "182569640088673986928801047467089324615",
                "173472168903660923610619100471375261620",
                "337108420877240578752352503045618490434",
                "26991962640957932412691148718974727431",
                "177583060485094423229452079948732502149",
                "200368747966770064670260694944301200201"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-2134a153",
        "target": {
            "file": "fs/smb/server/smb_common.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "148088299229925507237150513515050493886",
                "156663149646668082094566720819606106630",
                "20902030537455997298084895543001475776",
                "75275067074480769014427332807197929089"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-28c8cb9e",
        "target": {
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "94283527507762820835921480031921744430",
                "6245953505231723122449260122185633930",
                "22856095438797024207365219585758977215",
                "325378687612157433563645912259933135334",
                "269332618840291076650532730920899349340",
                "91588852982791714042086114600608151935",
                "320523078801493798187400601349863556121",
                "223141616982208762824593897946016613602",
                "67576445254522037231568963663129297546",
                "218720935405026281725529185992420071260",
                "110562397915241217497804204398645432489",
                "57755987186532112466565507163128348629",
                "238925677228058851030594640405314268179",
                "15181436838734716300284682690366366920",
                "182569640088673986928801047467089324615",
                "173472168903660923610619100471375261620",
                "337108420877240578752352503045618490434",
                "26991962640957932412691148718974727431",
                "177583060485094423229452079948732502149",
                "200368747966770064670260694944301200201"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-3ba38dd5",
        "target": {
            "function": "ksmbd_init_smb_server",
            "file": "fs/ksmbd/smb_common.c"
        },
        "digest": {
            "function_hash": "67933258489668456761338826885338655824",
            "length": 264.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-5abed757",
        "target": {
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "94283527507762820835921480031921744430",
                "6245953505231723122449260122185633930",
                "22856095438797024207365219585758977215",
                "325378687612157433563645912259933135334",
                "269332618840291076650532730920899349340",
                "91588852982791714042086114600608151935",
                "320523078801493798187400601349863556121",
                "223141616982208762824593897946016613602",
                "67576445254522037231568963663129297546",
                "218720935405026281725529185992420071260",
                "110562397915241217497804204398645432489",
                "57755987186532112466565507163128348629",
                "238925677228058851030594640405314268179",
                "15181436838734716300284682690366366920",
                "182569640088673986928801047467089324615",
                "173472168903660923610619100471375261620",
                "337108420877240578752352503045618490434",
                "26991962640957932412691148718974727431",
                "177583060485094423229452079948732502149",
                "200368747966770064670260694944301200201"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-6525d9ce",
        "target": {
            "function": "init_smb1_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "297770837669402694348054178242000054193",
            "length": 165.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-65cc9750",
        "target": {
            "function": "queue_ksmbd_work",
            "file": "fs/ksmbd/server.c"
        },
        "digest": {
            "function_hash": "300029010126685008144253383460575099384",
            "length": 439.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-676e166e",
        "target": {
            "function": "init_smb1_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "297770837669402694348054178242000054193",
            "length": 165.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-72ea921f",
        "target": {
            "file": "fs/smb/server/smb_common.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "148088299229925507237150513515050493886",
                "156663149646668082094566720819606106630",
                "20902030537455997298084895543001475776",
                "75275067074480769014427332807197929089"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-77aea9d3",
        "target": {
            "function": "init_smb1_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "297770837669402694348054178242000054193",
            "length": 165.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-7801899b",
        "target": {
            "function": "ksmbd_init_smb_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "67933258489668456761338826885338655824",
            "length": 264.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-84742e6b",
        "target": {
            "file": "fs/smb/server/smb_common.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "148088299229925507237150513515050493886",
                "156663149646668082094566720819606106630",
                "20902030537455997298084895543001475776",
                "75275067074480769014427332807197929089"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-8b29cd94",
        "target": {
            "function": "queue_ksmbd_work",
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "function_hash": "300029010126685008144253383460575099384",
            "length": 439.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-94976abf",
        "target": {
            "file": "fs/ksmbd/smb_common.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "148088299229925507237150513515050493886",
                "156663149646668082094566720819606106630",
                "20902030537455997298084895543001475776",
                "75275067074480769014427332807197929089"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-a1d8a3b0",
        "target": {
            "function": "ksmbd_init_smb_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "67933258489668456761338826885338655824",
            "length": 264.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-a63e50f8",
        "target": {
            "function": "queue_ksmbd_work",
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "function_hash": "300029010126685008144253383460575099384",
            "length": 439.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-c1ad9bdb",
        "target": {
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "94283527507762820835921480031921744430",
                "6245953505231723122449260122185633930",
                "22856095438797024207365219585758977215",
                "325378687612157433563645912259933135334",
                "269332618840291076650532730920899349340",
                "91588852982791714042086114600608151935",
                "320523078801493798187400601349863556121",
                "223141616982208762824593897946016613602",
                "67576445254522037231568963663129297546",
                "218720935405026281725529185992420071260",
                "110562397915241217497804204398645432489",
                "57755987186532112466565507163128348629",
                "238925677228058851030594640405314268179",
                "15181436838734716300284682690366366920",
                "182569640088673986928801047467089324615",
                "173472168903660923610619100471375261620",
                "337108420877240578752352503045618490434",
                "26991962640957932412691148718974727431",
                "177583060485094423229452079948732502149",
                "200368747966770064670260694944301200201"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa669ef229ae8dd779da9caa24e254964545895f",
        "deprecated": false,
        "id": "CVE-2023-52441-c204c124",
        "target": {
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "173352020502345719275340724949288210433",
                "280152463001151705998741686463664270931",
                "337949439912508131290275700067888545828",
                "200619879318667584615608008312590517664",
                "72385190931596526652108879029666590024",
                "123126215961323645447620909806764606336",
                "115847744212080013139259942853543222786",
                "158046079938230438873292913319652856441"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-ced21acd",
        "target": {
            "file": "fs/ksmbd/server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "173352020502345719275340724949288210433",
                "280152463001151705998741686463664270931",
                "337949439912508131290275700067888545828",
                "200619879318667584615608008312590517664",
                "72385190931596526652108879029666590024",
                "123126215961323645447620909806764606336",
                "115847744212080013139259942853543222786",
                "158046079938230438873292913319652856441"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-d1051c01",
        "target": {
            "function": "queue_ksmbd_work",
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "function_hash": "300029010126685008144253383460575099384",
            "length": 439.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@330d900620dfc9893011d725b3620cd2ee0bc2bc",
        "deprecated": false,
        "id": "CVE-2023-52441-d354a561",
        "target": {
            "function": "ksmbd_init_smb_server",
            "file": "fs/smb/server/smb_common.c"
        },
        "digest": {
            "function_hash": "67933258489668456761338826885338655824",
            "length": 264.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@536bb492d39bb6c080c92f31e8a55fe9934f452b",
        "deprecated": false,
        "id": "CVE-2023-52441-d47b0b5f",
        "target": {
            "file": "fs/smb/server/server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "173352020502345719275340724949288210433",
                "280152463001151705998741686463664270931",
                "337949439912508131290275700067888545828",
                "200619879318667584615608008312590517664",
                "72385190931596526652108879029666590024",
                "123126215961323645447620909806764606336",
                "115847744212080013139259942853543222786",
                "158046079938230438873292913319652856441"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b",
        "deprecated": false,
        "id": "CVE-2023-52441-dba4a75d",
        "target": {
            "function": "init_smb1_server",
            "file": "fs/ksmbd/smb_common.c"
        },
        "digest": {
            "function_hash": "297770837669402694348054178242000054193",
            "length": 165.0
        },
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.145

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.53

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.16