Linux Kernel ksmbd Out-of-Bounds Read Vulnerability in SMB2 Session Setup

Vulnerability

An out-of-bounds read vulnerability has been identified in ksmbd, the Linux kernel's in-kernel SMB server. The issue arises in SMB2 session setup when handling compound requests: if the session setup is part of a compound request and the second payload is processed, an out-of-bounds read occurs while handling the first payload.
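A bounds-checked walk of a compound chain, as an added example (not ksmbd's code and not the upstream patch): it shows the kind of validation that keeps per-command parsing inside the received buffer, and flags a session setup that arrives inside a compound so it can be logged. The names `smb2_walk_compound` and `demo` are hypothetical, the sample buffer is constructed, and the field offsets follow the SMB2 header layout in MS-SMB2.

```c
#include <stdint.h>
#include <string.h>

#define SMB2_HDR_SIZE      64u     /* fixed SMB2 header size */
#define SMB2_SESSION_SETUP 0x0001u /* Command code of SESSION_SETUP */

static uint32_t le(const uint8_t *p, int n)   /* read n-byte little-endian field */
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Hypothetical helper: walk a compound chain without reading past len.
 * Returns the number of commands, or -1 if a header or a NextCommand offset
 * falls outside the buffer. *sess_in_compound is set when SESSION_SETUP is
 * part of a multi-command chain. */
int smb2_walk_compound(const uint8_t *buf, size_t len, int *sess_in_compound)
{
    size_t off = 0;
    int count = 0, saw_sess = 0;
    *sess_in_compound = 0;
    for (;;) {
        if (len - off < SMB2_HDR_SIZE)            /* whole header must fit */
            return -1;
        const uint8_t *h = buf + off;
        if (memcmp(h, "\xfeSMB", 4) != 0 || le(h + 4, 2) != SMB2_HDR_SIZE)
            return -1;                            /* ProtocolId / StructureSize */
        saw_sess |= (le(h + 12, 2) == SMB2_SESSION_SETUP);
        count++;
        uint32_t next = le(h + 20, 4);            /* NextCommand, relative to h */
        if (next == 0) break;                     /* last command in the chain */
        if (next < SMB2_HDR_SIZE || (next & 7) || next > len - off - SMB2_HDR_SIZE)
            return -1;                            /* next header would be out of bounds */
        off += next;
    }
    *sess_in_compound = saw_sess && count > 1;
    return count;
}

/* Constructed sample: a SESSION_SETUP header and a second header (command
 * 0x0003) 72 bytes apart; only the first recv_len bytes count as received. */
int demo(uint32_t next, size_t recv_len, int *flag)
{
    uint8_t buf[144] = {0};
    for (int i = 0; i < 2; i++) { memcpy(buf + 72 * i, "\xfeSMB", 4); buf[72 * i + 4] = 64; }
    buf[12] = 1; buf[72 + 12] = 3;
    for (int i = 0; i < 4; i++) buf[20 + i] = (uint8_t)(next >> (8 * i));
    return smb2_walk_compound(buf, recv_len, flag);
}
```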

Impact

Triggering this vulnerability causes an out-of-bounds read, which can potentially disclose sensitive information from memory or cause a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a compound SMB2 session setup request to a server running the affected version of the Linux kernel with ksmbd enabled. Ensure that the second payload of the compound request is processed, which will trigger the out-of-bounds read issue.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Aug 16, 2025, 2:18 PM
Updated: Aug 16, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.