[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] 5 Linux kernel ksmbd vulnerabilities
From: Hauke Mehrtens <hauke () hauke-m ! de>
Date: 2024-03-20 0:32:25
Message-ID: 8e716095-2a6c-4e39-bb3a-064a3c482f2a () hauke-m ! de
[Download RAW message or body]
On 3/19/24 04:30, Alexander E. Patrakov wrote:
> On Tue, Mar 19, 2024 at 6:11 AM daniel <sd@x17.eu> wrote:
>>
>> Recently two batches of Linux kernel ksmbd vulnerabilities became public.
>>
>> Please find here an overview, the attached ZDI information and the
>> corresponding links to the Linux kernel cve announce messages with
>> further information.
>
> I am personally worried about the situation with OpenWrt which would
> need a new stable release to address this. However, they use a manual
> backport of this to the 5.15.x kernel.
>
Hi,
OpenWrt 23.05 uses kernel 5.15 and the ksmbd implementation found in
this upstream kernel version. OpenWrt plans to do a new service release
23.05.3 in the next days anyway with kernel 5.15.150. This should
contain all needed fixes.
OpenWrt 22.03 uses ksmbd from https://github.com/cifsd-team/ksmbd in
version 3.4.7. This is probably affected by these problems.
Maybe we will update this to 3.4.9 or backport the patches fixing
security problems. OpenWrt 22.03 will be EoL in April 2024 anyway.
Hauke
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic