CVE-2023-52755

slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

aaf0a07d60887d6c36fc46a24de0083744f07819

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

8387c94d73ec66eb597c7a23a8d9eadf64bfbafa

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

09d9d8b40a3338193619c14ed4dc040f4f119e70

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

712e01f32e577e7e48ab0adb5fe550646a3d93cb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

eebff19acaa35820cb09ce2ccb3d21bee2156ffb

Affected versions

v5.*

v5.13

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.105

v5.15.106

v5.15.107

v5.15.108

v5.15.109

v5.15.11

v5.15.110

v5.15.111

v5.15.112

v5.15.113

v5.15.114

v5.15.115

v5.15.116

v5.15.117

v5.15.118

v5.15.119

v5.15.12

v5.15.120

v5.15.121

v5.15.122

v5.15.123

v5.15.124

v5.15.125

v5.15.126

v5.15.127

v5.15.128

v5.15.129

v5.15.13

v5.15.130

v5.15.131

v5.15.132

v5.15.133

v5.15.134

v5.15.135

v5.15.136

v5.15.137

v5.15.138

v5.15.139

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.5.1

v6.5.10

v6.5.11

v6.5.12

v6.5.2

v6.5.3

v6.5.4

v6.5.5

v6.5.6

v6.5.7

v6.5.8

v6.5.9

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-52755-04e923db",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8387c94d73ec66eb597c7a23a8d9eadf64bfbafa",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83299410312269900841779969465236890985",
                "318402832596814736183065769611999485065",
                "276888736693926494221430492876612947375",
                "87307531932019669556059133128072598186",
                "210783937263096677821291889579060421597",
                "113276439563310123623938305839876212760",
                "67203626519284622305754784511015389277",
                "176755859801696488849952868871108357024",
                "121271467511191794845204286643244045208",
                "178540022722585812835240024740466696512",
                "190880727473368573788606545856526002570",
                "164310243817972993560420460624348751046",
                "230895966643501703246527124204032203403"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52755-2394d7cf",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09d9d8b40a3338193619c14ed4dc040f4f119e70",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83299410312269900841779969465236890985",
                "318402832596814736183065769611999485065",
                "276888736693926494221430492876612947375",
                "87307531932019669556059133128072598186",
                "210783937263096677821291889579060421597",
                "113276439563310123623938305839876212760",
                "67203626519284622305754784511015389277",
                "176755859801696488849952868871108357024",
                "121271467511191794845204286643244045208",
                "178540022722585812835240024740466696512",
                "190880727473368573788606545856526002570",
                "164310243817972993560420460624348751046",
                "230895966643501703246527124204032203403"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52755-29b143a6",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eebff19acaa35820cb09ce2ccb3d21bee2156ffb",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83299410312269900841779969465236890985",
                "318402832596814736183065769611999485065",
                "276888736693926494221430492876612947375",
                "87307531932019669556059133128072598186",
                "210783937263096677821291889579060421597",
                "113276439563310123623938305839876212760",
                "67203626519284622305754784511015389277",
                "176755859801696488849952868871108357024",
                "121271467511191794845204286643244045208",
                "178540022722585812835240024740466696512",
                "190880727473368573788606545856526002570",
                "164310243817972993560420460624348751046",
                "230895966643501703246527124204032203403"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52755-2fe15f88",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09d9d8b40a3338193619c14ed4dc040f4f119e70",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "smb_inherit_dacl",
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "length": 4276.0,
            "function_hash": "76149239310467483097472688783759529305"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52755-95c08a75",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@712e01f32e577e7e48ab0adb5fe550646a3d93cb",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "smb_inherit_dacl",
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "length": 4276.0,
            "function_hash": "76149239310467483097472688783759529305"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52755-a1e53bed",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@712e01f32e577e7e48ab0adb5fe550646a3d93cb",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83299410312269900841779969465236890985",
                "318402832596814736183065769611999485065",
                "276888736693926494221430492876612947375",
                "87307531932019669556059133128072598186",
                "210783937263096677821291889579060421597",
                "113276439563310123623938305839876212760",
                "67203626519284622305754784511015389277",
                "176755859801696488849952868871108357024",
                "121271467511191794845204286643244045208",
                "178540022722585812835240024740466696512",
                "190880727473368573788606545856526002570",
                "164310243817972993560420460624348751046",
                "230895966643501703246527124204032203403"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-52755-afe63080",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaf0a07d60887d6c36fc46a24de0083744f07819",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "smb_inherit_dacl",
            "file": "fs/ksmbd/smbacl.c"
        },
        "digest": {
            "length": 4280.0,
            "function_hash": "141289014642861133847980183283191970903"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52755-bf6dd5cb",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eebff19acaa35820cb09ce2ccb3d21bee2156ffb",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "smb_inherit_dacl",
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "length": 4276.0,
            "function_hash": "76149239310467483097472688783759529305"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52755-cdd68151",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8387c94d73ec66eb597c7a23a8d9eadf64bfbafa",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "smb_inherit_dacl",
            "file": "fs/smb/server/smbacl.c"
        },
        "digest": {
            "length": 4286.0,
            "function_hash": "241677874796956537890043273485973888903"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-52755-fbc310bd",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaf0a07d60887d6c36fc46a24de0083744f07819",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/ksmbd/smbacl.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83299410312269900841779969465236890985",
                "318402832596814736183065769611999485065",
                "276888736693926494221430492876612947375",
                "87307531932019669556059133128072598186",
                "210783937263096677821291889579060421597",
                "113276439563310123623938305839876212760",
                "67203626519284622305754784511015389277",
                "176755859801696488849952868871108357024",
                "121271467511191794845204286643244045208",
                "178540022722585812835240024740466696512",
                "190880727473368573788606545856526002570",
                "164310243817972993560420460624348751046",
                "230895966643501703246527124204032203403"
            ]
        },
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.140

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.64

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.5.13

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.3