CVE-2024-26594
ksmbd: validate mech token in session setup
In short
The ksmbd SMB server in Linux was not properly validating authentication tokens sent by clients during session setup, allowing invalid tokens to bypass validation. This could allow attackers to establish unauthorized connections.
Technical detail
ksmbd failed to validate the mechanism token (mech token) in the SMB session setup request, allowing clients to send malformed or invalid authentication tokens without proper rejection. An unauthenticated attacker can trigger this by sending a crafted session setup request with an invalid mech token, potentially bypassing authentication controls.
Summary generated and translated by AI from the official description.
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate mech token in session setup
If the client sends an invalid mech token in the session setup request, ksmbd
validates it and returns an error if it is invalid.
Affected products
Linux · Linux
References
https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e
https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9
https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d
https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a
https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b