diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2024-01-05 15:45:49 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-01-05 15:45:49 +0100 |
commit | 1571da26aabeaa9533187bb7fc001ba275fb43c2 (patch) | |
tree | 4be6236ed936c52895307f558d2550195b1653d6 /active/CVE-2023-1192 | |
parent | a11718ea1fb193ba0a4dce15a6d024959000268f (diff) |
Update information on CVE-2023-1192
Diffstat (limited to 'active/CVE-2023-1192')
-rw-r--r-- | active/CVE-2023-1192 | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/active/CVE-2023-1192 b/active/CVE-2023-1192 index f64599535..2a4e0762e 100644 --- a/active/CVE-2023-1192 +++ b/active/CVE-2023-1192 @@ -6,12 +6,17 @@ References: Notes: bwh> Introduced in 5.10 by commit 8e670f77c4a5 "Handle STATUS_IO_TIMEOUT bwh> gracefully". I posted my analysis and an untested patch on RHBZ. + carnil> Paulo Alcantara replied that this issue is supposed to be fixed + carnil> with d527f51331ca ("cifs: Fix UAF in + carnil> cifs_demultiplex_thread()") and that wile the commit mentions + carnil> an UAF in >is_network_name_deleted() it should work as well for + carnil> the smb2_is_status_io_timeout() case. Bugs: -upstream: needed -6.1-upstream-stable: needed +upstream: released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f] +6.1-upstream-stable: released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3] 5.10-upstream-stable: needed 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed -6.1-bookworm-security: needed +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" |