Comment 5 for bug 2060780

Matthew Ruffell (mruffell) wrote :

Hi everyone,

Reading:

https://<email address hidden>/T/

It seems the issue was introduced in

commit 33eae65c6f49770fec7a662935d4eb4a6406d24b
Author: Paulo Alcantara <email address hidden>
Date: Wed Dec 13 12:25:57 2023 -0300
Subject: smb: client: fix OOB in SMB2_query_info_init()
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33eae65c6f49770fec7a662935d4eb4a6406d24b

This indeed landed in 5.15.0-102-generic:

$ git log --grep "smb: client: fix OOB in SMB2_query_info_init()" origin/master-next
commit ed30eac9715d0bd5512ee42ca8e8f340d2d9d2d5
...

$ git describe --contains ed30eac9715d0bd5512ee42ca8e8f340d2d9d2d5
Ubuntu-5.15.0-102.112~472

The link mentions it is supposedly fixed in:

commit b5d623611c9cda84ebb5e5bd044587955eaf782f
Author: Kees Cook <email address hidden>
Date: Fri Feb 17 16:24:40 2023 -0800
Subject: smb3: Replace smb2pdu 1-element arrays with flex-arrays
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5d623611c9cda84ebb5e5bd044587955eaf782f

Looking at the Jammy kernel tree:

$ git log --grep "smb3: Replace smb2pdu 1-element arrays with flex-arrays" origin/master-next
commit b5d623611c9cda84ebb5e5bd044587955eaf782f

$ git describe --contains b5d623611c9cda84ebb5e5bd044587955eaf782f
Ubuntu-5.15.0-104.114~23

It seems it is already applied and tagged in 5.15.0-104-generic. This seems to be built, but not quite in -proposed yet:

https://kernel.ubuntu.com/reports/kernel-stable-board/

I will write back as soon as 5.15.0-104-generic is in -proposed, with instructions on how to test it, and see if it fixes the issue.

Thanks,
Matthew
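One way to turn the version check above into a reusable test, as an added example that is not part of this comment or of the Ubuntu kernel tooling: it parses the `git describe --contains` tags quoted above and a `uname -r` style release string, and reports whether a running kernel falls in the affected range (regression tag inclusive, fix tag exclusive). It assumes the kernel comes from the generic linux source package; other flavours (e.g. -aws) carry their own ABI numbering, so the comparison is not valid for them.

```python
import re

# Boundaries taken from the comment above (output of `git describe --contains`):
# the regression landed in Ubuntu-5.15.0-102.112, the fix in Ubuntu-5.15.0-104.114.
INTRODUCED_TAG = "Ubuntu-5.15.0-102.112~472"
FIXED_TAG = "Ubuntu-5.15.0-104.114~23"

# Ubuntu-<major>.<minor>.<patch>-<abi>.<upload>[~<commits-before-tag>]
_TAG_RE = re.compile(r"^Ubuntu-(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)(?:~\d+)?$")
# <major>.<minor>.<patch>-<abi>-<flavour>, as printed by `uname -r`
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)-([a-z0-9-]+)$")


def parse_tag(tag):
    """'Ubuntu-5.15.0-102.112~472' -> (5, 15, 0, 102).
    The '~N' suffix only says how many commits precede the tag; it does not
    change which tag the commit is contained in, so it is dropped."""
    m = _TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"unrecognised Ubuntu kernel tag: {tag!r}")
    return tuple(int(x) for x in m.groups()[:4])


def parse_release(release):
    """'5.15.0-102-generic' -> (5, 15, 0, 102); rejects non-generic flavours
    because their ABI numbers are not comparable with the generic tags."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    if m.group(5) != "generic":
        raise ValueError(f"flavour {m.group(5)!r} has its own ABI numbering")
    return tuple(int(x) for x in m.groups()[:4])


def is_affected(release, introduced_tag=INTRODUCED_TAG, fixed_tag=FIXED_TAG):
    """True when the kernel's version/ABI lies in [introduced, fixed)."""
    ver = parse_release(release)
    return parse_tag(introduced_tag) <= ver < parse_tag(fixed_tag)


if __name__ == "__main__":
    import platform
    try:
        print(platform.release(), "affected:", is_affected(platform.release()))
    except ValueError as exc:
        print("cannot classify this kernel:", exc)
```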