Linux Kernel ksmbd smbDirect Data Transfer Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ksmbd component has been addressed. This issue involved the smb_direct_data_transfer structure, where invalid data_offset and data_length values could lead to out-of-bounds problems. The vulnerability has been fixed by adding validation for these fields in the 'recv_done' function.
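The kind of bounds check the fix describes, as an added user-space example; it is not the kernel's code. The two-field header layout, HDR_LEN and the function names are assumptions made for illustration, and only data_offset and data_length come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 8u /* assumed simplified header: data_offset, data_length */

/* Decode a little-endian 32-bit field without unaligned access. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Return 0 only if the described payload lies inside the byte_len bytes received. */
int xfer_payload(const uint8_t *msg, size_t byte_len,
                 const uint8_t **payload, uint32_t *len)
{
    if (byte_len < HDR_LEN)
        return -1;                  /* header itself is truncated */
    uint32_t off = le32(msg), dlen = le32(msg + 4);
    if (off > byte_len)
        return -1;                  /* payload starts past the message */
    /* 64-bit sum: off + dlen can wrap in 32 bits and pass a naive check */
    if ((uint64_t)off + dlen > byte_len)
        return -1;
    *payload = msg + off;
    *len = dlen;
    return 0;
}

/* Build a constructed message (byte_len <= 64) and validate it. */
int check_sample(uint32_t off, uint32_t dlen, size_t byte_len)
{
    uint8_t msg[64] = {0};
    const uint8_t *p; uint32_t n;
    for (int i = 0; i < 4; i++) {
        msg[i] = (uint8_t)(off >> (8 * i));
        msg[4 + i] = (uint8_t)(dlen >> (8 * i));
    }
    return xfer_payload(msg, byte_len, &p, &n);
}

int main(void)
{
    printf("in bounds: %d\n", check_sample(8, 16, 24));
    printf("length too long: %d\n", check_sample(8, 17, 24));
    printf("32-bit wrap: %d\n", check_sample(16, 0xFFFFFFF0u, 64));
    return 0;
}
```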

Impact

The vulnerability could have caused out-of-bounds issues, potentially leading to memory corruption or other unintended behavior.

Reproduction

The vulnerability could be reproduced by sending an smb_direct_data_transfer message with invalid data_offset and data_length values. This would trigger the 'recv_done' function to process the message without proper validation, causing an out-of-bounds condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Oct 4, 2025, 8:31 AM
Updated: Oct 4, 2025, 8:31 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.