Linux Kernel ksmbd Buffer Validation Vulnerability in Extended Attributes Handling

Vulnerability

A vulnerability in the Linux kernel's ksmbd component has been addressed. It concerns improper buffer validation in the smb2_set_ea function, which handles Extended Attributes (EA). The original validation checks did not account for the size of the null terminator, leading to potential buffer overflows. The fix adds the length of the null terminator to the check, so that validation reflects the total buffer size required.
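The length check described above, modelled in user-space C as an added example; it is not the kernel's code. It assumes the standard SMB full-EA entry layout (an 8-byte fixed header, then the name, one NUL byte, then the value), and the function names and sample entry are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Fixed part of one EA entry: NextEntryOffset(4) Flags(1) EaNameLength(1)
 * EaValueLength(2). Name bytes, one NUL, then value bytes follow it. */
#define EA_HDR_LEN 8u

/* Read the little-endian length fields; -1 if the header itself is cut. */
static int ea_lengths(const uint8_t *b, size_t len, size_t *n, size_t *v)
{
    if (len < EA_HDR_LEN)
        return -1;
    *n = b[5];
    *v = (size_t)b[6] | ((size_t)b[7] << 8);
    return 0;
}

/* Offset one past the last value byte a parser of this entry will touch. */
static size_t ea_value_end(size_t name_len, size_t value_len)
{
    return EA_HDR_LEN + name_len + 1 + value_len;
}

/* Model of the check as described before the fix: NUL not counted. */
static int ea_check_without_nul(const uint8_t *buf, size_t buf_len)
{
    size_t n, v;
    if (ea_lengths(buf, buf_len, &n, &v))
        return -1;
    return buf_len < EA_HDR_LEN + n + v ? -1 : 0;
}

/* Corrected check: the required size includes the terminator byte. */
static int ea_check_with_nul(const uint8_t *buf, size_t buf_len)
{
    size_t n, v;
    if (ea_lengths(buf, buf_len, &n, &v))
        return -1;
    return buf_len < ea_value_end(n, v) ? -1 : 0;
}

/* Constructed sample: name "user.a" (6), NUL, value "xyz" (3) = 18 bytes. */
static const uint8_t sample[] = { 0, 0, 0, 0, 0, 6, 3, 0,
    'u', 's', 'e', 'r', '.', 'a', 0, 'x', 'y', 'z' };

int main(void)
{
    return ea_check_without_nul(sample, 17) == 0 &&
           ea_check_with_nul(sample, 17) == -1 ? 0 : 1;
}
```

When the buffer length is reported as 17 instead of 18, the check without the terminator accepts an entry whose value ends at offset 18, one byte past the supplied data; the corrected check rejects it.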

Impact

The vulnerability could lead to buffer overflow issues, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by invoking the smb2_set_ea function with an Extended Attribute name that does not include the null terminator. This can be done by manually setting the EaNameLength to exclude the terminator when the Extended Attributes are processed.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.

Added: Jan 13, 2026, 6:04 PM
Updated: Jan 13, 2026, 6:04 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.