Re: Details on this supposed Linux Kernel ksmbd RCE

[Jeffrey Walton <noloader () gmail com>]

On Fri, Dec 23, 2022 at 8:22 AM Eric Biggers <ebiggers () kernel org> wrote:
> On Fri, Dec 23, 2022 at 09:17:28AM +0100, Marcus Meissner wrote:
> > tldr: I requested 5 CVEs for the new ZDI issues Josh and Jan referenced.
> >
> > long form:
> >
> > Nice surprise 1 day before Christmas.
>
> Note that these bugs were already fixed in upstream and all affected Long Term
> Support (LTS) kernels months ago.  So this is really only a "surprise" for
> people who choose to use known buggy and insecure kernels that don't follow LTS.

Comes to mind: https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/

> Anyway, these sorts of bugs are totally predictable in a complex, new network
> filesystem server (ksmbd).  Personally I recommend not using ksmbd.

Jeff