CVE-2024-46795: ksmbd: unset the binding mark of a reused connection
First published: Wed Sep 18 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.15<5.15.167 | |
| Linux Kernel | >=5.16<6.1.110 | |
| Linux Kernel | >=6.2<6.6.51 | |
| Linux Kernel | >=6.7<6.10.10 | |
| Linux Kernel | =6.11-rc1 | |
| Linux Kernel | =6.11-rc2 | |
| Linux Kernel | =6.11-rc3 | |
| Linux Kernel | =6.11-rc4 | |
| Linux Kernel | =6.11-rc5 | |
| Linux Kernel | =6.11-rc6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce
- https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1
- https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5
- https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02
- https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46795
- https://nvd.nist.gov/vuln/detail/CVE-2024-46795
- https://launchpad.net/bugs/cve/CVE-2024-46795
- https://security-tracker.debian.org/tracker/CVE-2024-46795
- https://ubuntu.com/security/CVE-2024-46795
- https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5
Frequently Asked Questions
What is the severity of CVE-2024-46795?
CVE-2024-46795 has been marked with a moderate severity level due to its potential for causing null pointer dereference errors.
How do I fix CVE-2024-46795?
To remediate CVE-2024-46795, upgrade the Linux kernel to a version higher than 5.15.167 or apply the recommended patches provided in the security updates.
Which versions of the Linux kernel are affected by CVE-2024-46795?
CVE-2024-46795 affects multiple versions of the Linux kernel from 5.15 to 6.11-rc6.
What types of systems are impacted by CVE-2024-46795?
CVE-2024-46795 affects systems running specific vulnerable versions of the Linux kernel, particularly those using ksmbd and cifs.ko functionalities.
Who reported CVE-2024-46795?
CVE-2024-46795 was reported by Steve French, highlighting a critical null pointer dereference issue.
- agent/title
- agent/first-publish-date
- agent/type
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/references
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.15
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11-rc1
- version/linux kernel/6.11-rc2
- version/linux kernel/6.11-rc3
- version/linux kernel/6.11-rc4
- version/linux kernel/6.11-rc5
- version/linux kernel/6.11-rc6
- package-manager/debian