Linux Kernel CIFS Component VALIDATE_NEGOTIATE_INFO Message Length Error Vulnerability

Vulnerability

A vulnerability in the CIFS (Common Internet File System) component of the Linux kernel has been addressed. The issue arose from a modification that extended the default SMB (Server Message Block) dialects from 3 to 4 but did not adjust the message length calculation to match. As a result, the VALIDATE_NEGOTIATE_INFO message was sent with a length larger than intended, and the extra bytes were uninitialized message data that could leak over the network. The fix reduces the VALIDATE_NEGOTIATE_INFO message length from 28 bytes to 26 bytes.
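The length arithmetic behind this fix, as an added example that is not the kernel's code: a C model using the MS-SMB2 request layout (24 fixed bytes plus 2 bytes per dialect). The struct and function names are illustrative, and the "subtract two unused slots" calculation is an assumption chosen because it reproduces the 28-byte and 26-byte figures above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout per MS-SMB2; names are illustrative, not the kernel's. */
#define MAX_DIALECTS 4 /* array grew from 3 to 4 slots, per the advisory */
struct vni_req {
    uint32_t capabilities;
    uint8_t  guid[16];
    uint16_t security_mode;
    uint16_t dialect_count;
    uint16_t dialects[MAX_DIALECTS];
} __attribute__((packed));

/* Assumed stale pattern: "sending 1 dialect, so drop 2 unused slots".
 * Right for a 3-slot array (30 - 4 = 26); with 4 slots it gives 28. */
static size_t vni_len_stale(void)
{
    return sizeof(struct vni_req) - 2 * sizeof(uint16_t);
}

/* Length derived from the number of dialects actually sent. */
static size_t vni_len_counted(unsigned count)
{
    return offsetof(struct vni_req, dialects) + count * sizeof(uint16_t);
}

/* Count 0xAA poison bytes (stand-in for uninitialized memory) sent. */
static size_t vni_stale_bytes_sent(size_t send_len)
{
    unsigned char buf[sizeof(struct vni_req)];
    struct vni_req req;
    size_t i, leaked = 0;
    memset(buf, 0xAA, sizeof(buf));
    memset(&req, 0, sizeof(req));
    req.dialect_count = 1;          /* host byte order; wire is LE */
    req.dialects[0] = 0x0311;       /* SMB 3.1.1 dialect revision */
    memcpy(buf, &req, vni_len_counted(1)); /* only 26 bytes initialized */
    for (i = vni_len_counted(1); i < send_len && i < sizeof(buf); i++)
        leaked += (buf[i] == 0xAA);
    return leaked;
}

int main(void)
{
    size_t n = vni_len_stale();
    printf("stale=%zu leaked=%zu\n", n, vni_stale_bytes_sent(n));
    return 0;
}
```

Deriving the length from `offsetof` plus the dialect count keeps it correct if the array is resized again, which a hard-coded subtraction from `sizeof` does not.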

Impact

The vulnerability could have allowed for unintended information leakage over the network due to uninitialized message data in the CIFS component.

Reproduction

The vulnerability can be reproduced by sending a VALIDATE_NEGOTIATE_INFO message that includes the extended SMB3.1.1 dialect. The message will be improperly sized, leading to potential information leakage.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 30, 2025, 5:08 PM
Updated: Dec 30, 2025, 5:08 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.