Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 20 Mar 2024 01:32:25 +0100
From: Hauke Mehrtens <>
 "Alexander E. Patrakov" <>
Subject: Re: 5 Linux kernel ksmbd vulnerabilities

On 3/19/24 04:30, Alexander E. Patrakov wrote:
> On Tue, Mar 19, 2024 at 6:11 AM daniel <> wrote:
>> Recently two batches of Linux kernel ksmbd vulnerabilities became public.
>> Please find here an overview, the attached ZDI information and the
>> corresponding links to the Linux kernel cve announce messages with
>> further information.
> I am personally worried about the situation with OpenWrt which would
> need a new stable release to address this. However, they use a manual
> backport of this to the 5.15.x kernel.

OpenWrt 23.05 uses kernel 5.15 and the ksmbd implementation found in 
this upstream kernel version. OpenWrt plans to do a new service release 
23.05.3 in the next days anyway with kernel 5.15.150. This should 
contain all needed fixes.

OpenWrt 22.03 uses ksmbd from in 
version 3.4.7. This is probably affected by these problems.
Maybe we will update this to 3.4.9 or backport the patches fixing 
security problems. OpenWrt 22.03 will be EoL in April 2024 anyway.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.