Updated: 2025-01-14 17:47:55.427729
Description:
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() *UAF* Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738671431 | 2025-02-05 02:18:11 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738670922 | 2025-02-05 02:18:12 | |
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:27:56 | ||
CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:28:04 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:28:03 | ||
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:28:02 | ||
CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-02-07 06:37:48 | ||
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:27:58 | ||
CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:28:09 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Needs Triage | 2025-01-14 13:28:05 |