In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauthinfo is not allocated. This patch add KSMBDSESSNEEDSETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1004.4", "binary_name": "linux-buildinfo-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-headers-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-image-unsigned-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-image-unsigned-6.14.0-1004-oem-dbgsym" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-ipu6-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-ipu7-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-iwlwifi-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-usbio-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-vision-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-oem-6.14-headers-6.14.0-1004" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-oem-6.14-tools-6.14.0-1004" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-tools-6.14.0-1004-oem" } ] }