CVE-2024-46795 in Linux信息

摘要

由 VulDB • 2026-07-13

在 Linux 内核中,已修复以下漏洞:

ksmbd: 清除重用连接的绑定标记

Steve French 报告了来自 sha256 库的空指针解引用错误。 cifs.ko 可以在重用的连接上发送会话设置请求。 如果重用的连接用于绑定会话,conn->binding 可能仍然为 true,导致 generate_preauth_hash() 不会设置 sess->Preauth_HashValue,从而使其为空(NULL)。 该值被用作在 ksmbd_gen_smb311_encryptionkey 中创建加密密钥的材料。->Preauth_HashValue 会导致来自 crypto_shash_update() 的空指针解引用错误。

BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]

? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]
? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]
_sha256_update+0x77/0xa0 [sha256_ssse3]
sha256_avx2_update+0x15/0x30 [sha256_ssse3]
crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd]
generate_smb3encryptionkey+0x40/0x1c0 [ksmbd]
ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmb

VulDB is the best source for vulnerability data and more expert information about this specific topic.

来源

Do you need the next level of professionalism?

Upgrade your account now!