{
   "containers": {
      "cna": {
         "providerMetadata": {
            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
         },
         "descriptions": [
            {
               "lang": "en",
               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>"
            }
         ],
         "affected": [
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "unaffected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "fs/smb/server/smb2pdu.c"
               ],
               "versions": [
                  {
                     "version": "f5a544e3bab7",
                     "lessThan": "9914f1bd61d5",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "f5a544e3bab7",
                     "lessThan": "93d54a4b59c4",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "f5a544e3bab7",
                     "lessThan": "41bc256da7e4",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "f5a544e3bab7",
                     "lessThan": "4c8496f44f5b",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "f5a544e3bab7",
                     "lessThan": "78c5a6f1f630",
                     "status": "affected",
                     "versionType": "git"
                  }
               ]
            },
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "affected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "fs/smb/server/smb2pdu.c"
               ],
               "versions": [
                  {
                     "version": "5.15",
                     "status": "affected"
                  },
                  {
                     "version": "0",
                     "lessThan": "5.15",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "5.15.167",
                     "lessThanOrEqual": "5.15.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "6.1.110",
                     "lessThanOrEqual": "6.1.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "6.6.51",
                     "lessThanOrEqual": "6.6.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "6.10.10",
                     "lessThanOrEqual": "6.10.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "6.11",
                     "lessThanOrEqual": "*",
                     "status": "unaffected",
                     "versionType": "original_commit_for_fix"
                  }
               ]
            }
         ],
         "references": [
            {
               "url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1"
            },
            {
               "url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02"
            },
            {
               "url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce"
            },
            {
               "url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1"
            },
            {
               "url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5"
            }
         ],
         "title": "ksmbd: unset the binding mark of a reused connection",
         "x_generator": {
            "engine": "bippy-c9c4e1df01b2"
         }
      }
   },
   "cveMetadata": {
      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
      "cveID": "CVE-2024-46795",
      "requesterUserId": "gregkh@kernel.org",
      "serial": "1",
      "state": "PUBLISHED"
   },
   "dataType": "CVE_RECORD",
   "dataVersion": "5.0"
}