Linux Kernel Slab Out-of-Bounds Vulnerability in SMB3 Mount Process

Vulnerability

A slab out-of-bounds vulnerability has been identified in the Linux kernel's CIFS (Common Internet File System) client implementation, specifically when a client mounts a share served by ksmbd (the in-kernel SMB daemon). The issue arises from a missing validation check in the 'parse_server_interfaces' function, which processes the interface list returned by the server and can lead to memory corruption when that check is absent. The vulnerability is present in Linux kernel versions prior to 6.16.0-rc2-kasan.

Impact

Exploitation of this vulnerability can lead to memory corruption, allowing for potential arbitrary code execution or causing a denial-of-service condition by crashing the system.

Reproduction

To reproduce this vulnerability, mount a CIFS share with KASAN (Kernel Address Sanitizer) enabled. The 'parse_server_interfaces' function is invoked without the required validation, producing a slab out-of-bounds condition. KASAN reports this as a 4-byte read from an invalid slab address, with the 'mount' process as the triggering task.

Remediation

Users can upgrade to Linux kernel versions 6.16.0-rc2 or later, where this vulnerability has been fixed.
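As an added helper that is not part of the original advisory, the following script compares a host's kernel release string against the fixed version named above and checks whether the cifs module is loaded, so an administrator can triage a fleet quickly. It assumes only the advisory's fixed version (6.16.0-rc2; the trailing "-kasan" is a local build tag and is ignored by the parser) and a /proc/modules-style listing; the sample listing in the block is constructed for illustration.

```python
import platform
import re

# Fixed version as stated in the advisory. Its "-kasan" suffix is a local
# build tag, which the parser below discards.
FIXED_VERSION = "6.16.0-rc2"

# major.minor[.patch][-rcN]; anything after that (e.g. "-generic", "-kasan") is ignored.
_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_kernel_version(release: str) -> tuple:
    """Turn a `uname -r` string into a comparable tuple.

    Release candidates must sort before the final release with the same
    major.minor.patch, so an rc maps to (0, n) and a final release to (1, 0).
    """
    m = _VER_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch, rc = m.groups()
    rc_key = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch or 0)) + rc_key


def is_affected(release: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `release` is older than the version that carries the fix."""
    return parse_kernel_version(release) < parse_kernel_version(fixed)


def cifs_module_loaded(proc_modules_text: str) -> bool:
    """True if the cifs client module appears in /proc/modules-style text."""
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "cifs":
            return True
    return False


def assess(release: str, proc_modules_text: str) -> str:
    """Summarise exposure: vulnerable kernel plus loaded cifs module is the worst case."""
    vulnerable = is_affected(release)
    loaded = cifs_module_loaded(proc_modules_text)
    if vulnerable and loaded:
        return "exposed: unpatched kernel with cifs loaded"
    if vulnerable:
        return "unpatched kernel, cifs not currently loaded"
    return "patched"


# Constructed sample of /proc/modules output for a stand-alone run.
SAMPLE_PROC_MODULES = """\
cifs 1478656 2 - Live 0x0000000000000000
fscache 393216 1 cifs, Live 0x0000000000000000
ext4 1048576 1 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    # On a real host read /proc/modules instead of the constructed sample.
    try:
        with open("/proc/modules", encoding="utf-8") as fh:
            modules = fh.read()
    except OSError:
        modules = SAMPLE_PROC_MODULES
    print(platform.release(), "->", assess(platform.release(), modules))
```

The rc handling matters here because the advisory's fixed version is itself a release candidate: a plain string comparison would wrongly rank 6.16.0-rc1 after 6.16.0, while the tuple ordering places every rc before its final release.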

Added: Sep 4, 2025, 5:39 PM
Updated: Sep 4, 2025, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.