22 Oct
2025
22 Oct
'25
11:13 p.m.
On Wed, Oct 22, 2025 at 7:45 PM くさあさ pioooooooooip@gmail.com wrote:
Hi Namjae, Steve,
Hi,
Thanks for updating the patch. I’ve reviewed the changes and they look good to me.
Okay.
Minor impact note: this patch prevents a 4-byte out-of-bounds read in ksmbd’s handle_response() when the declared Generic Netlink payload size is < 4. If a remote client can influence ksmbd.mountd to emit a truncated payload, this could be remotely triggerable (info-leak/DoS potential).
I don't understand how this is possible. Could you please explain it to me via private email?
If you consider this security-impacting, I’m happy to request a CVE via the kernel.org CNA.
Thanks!! Qianchang Zhao