On Fri, 2024-01-05 at 11:04 -0300, Paulo Alcantara wrote:
> Salvatore Bonaccorso <carnil@xxxxxxxxxx> writes:
>
> > There is a Red Hat bugzilla report in
> > https://bugzilla.redhat.com/show_bug.cgi?id=2154178 about a
> > use-after-free in smb2_is_status_io_timeout(). While the commit noted
> > initially there seems not to be correct, Ben Hutchings raised a question on
> > more information in
> > https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24 .
> >
> > (there is a CVE assigned for it, CVE-2023-1192)
>
> That is supposed to be fixed by
>
>         d527f51331ca ("cifs: Fix UAF in cifs_demultiplex_thread()")
>
> While the commit refers to a UAF in ->is_network_name_deleted(), this
> should also work for smb2_is_status_io_timeout(), AFAICT.

I think that's a different UAF bug that happens to affect the same
function.

Ben.

-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams