CVE-2023-54203

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.21 #3

Description The Linux kernel contains a flaw within the ksmbd module, specifically in the init smb2 rsp hdr function. This issue manifests as a slab-out-of-bounds write when an SMB1 mount operation fails. The problem arises from the handling of SMB1 negotiate requests as SMB2 server operations. The fix involves adding SMB server operations specifically for SMB1 negotiate to prevent incorrect handling by the SMB2 server operations. A kernel stack trace indicates the issue occurs during a workqueue process related to ksmbd-io.

Recommendations Update to Linux kernel version 6.1.21 #3 or later.