bwh> Introduced in 5.10 by commit 8e670f77c4a5 "Handle STATUS_IO_TIMEOUT
bwh> gracefully". I posted my analysis and an untested patch on RHBZ.
carnil> Paulo Alcantara replied that this issue is supposed to be fixed
carnil> with d527f51331ca ("cifs: Fix UAF in
carnil> cifs_demultiplex_thread()") and that wile the commit mentions
carnil> an UAF in >is_network_name_deleted() it should work as well for
carnil> the smb2_is_status_io_timeout() case.
carnil> But according to Ben this is another issue.
| Branch | Status |
|---|---|
| 4.19-buster-security | N/A "Vulnerable code not present" |
| 4.19-upstream-stable | N/A "Vulnerable code not present" |
| 5.10-bullseye-security | needed |
| 5.10-upstream-stable | needed |
| 6.1-bookworm-security | released (6.1.64-1) |
| 6.1-upstream-stable | released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3] |
| 6.6-upstream-stable | N/A "Fixed before branching point" |
| 6.8-upstream-stable | unknown |
| sid | released (6.5.6-1) |
| upstream | released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f] |