{"uuid": "50033320-f3f3-4fd6-b151-c9c809ea2380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46795", "type": "seen", "source": "https://t.me/cvedetector/5930", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46795 - Lenovo ksmbd Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46795 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nksmbd: unset the binding mark of a reused connection  \n  \nSteve French reported null pointer dereference error from sha256 lib.  \ncifs.ko can send session setup requests on reused connection.  \nIf reused connection is used for binding session, conn->binding can  \nstill remain true and generate_preauth_hash() will not set  \nsess->Preauth_HashValue and it will be NULL.  \nIt is used as a material to create an encryption key in  \nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer  \ndereference error from crypto_shash_update().  \n  \nBUG: kernel NULL pointer dereference, address: 0000000000000000  \n#PF: supervisor read access in kernel mode  \n#PF: error_code(0x0000) - not-present page  \nPGD 0 P4D 0  \nOops: 0000 [#1] PREEMPT SMP PTI  \nCPU: 8 PID: 429254 Comm: kworker/8:39  \nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )  \nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]  \nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]  \n  \n? show_regs+0x6d/0x80  \n? __die+0x24/0x80  \n? page_fault_oops+0x99/0x1b0  \n? do_user_addr_fault+0x2ee/0x6b0  \n? exc_page_fault+0x83/0x1b0  \n? asm_exc_page_fault+0x27/0x30  \n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]  \n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]  \n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]  \n? 
__pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]  \n_sha256_update+0x77/0xa0 [sha256_ssse3]  \nsha256_avx2_update+0x15/0x30 [sha256_ssse3]  \ncrypto_shash_update+0x1e/0x40  \nhmac_update+0x12/0x20  \ncrypto_shash_update+0x1e/0x40  \ngenerate_key+0x234/0x380 [ksmbd]  \ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]  \nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]  \nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]  \nsmb2_sess_setup+0x952/0xaa0 [ksmbd]  \n__process_request+0xa3/0x1d0 [ksmbd]  \n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]  \nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]  \nprocess_one_work+0x16c/0x350  \nworker_thread+0x306/0x440  \n? __pfx_worker_thread+0x10/0x10  \nkthread+0xef/0x120  \n? __pfx_kthread+0x10/0x10  \nret_from_fork+0x44/0x70  \n? __pfx_kthread+0x10/0x10  \nret_from_fork_asm+0x1b/0x30 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:52:29.000000Z"}