The change breaks CIFS mounts with Kerberos for me in jammy unless I
install Linux 5.15.0-142-generic from jammy-proposed.
The fix is missing the release of the new 5.15, 6.8 kernels in jammy at
least.
The debian/patches/CVE-2025-2312-1.patch has:
@@ -1384,7 +1423,7 @@
* look at the environ file.
*/
env_cachename =
- get_cachename_from_process_env(env_probe ? arg->pid : 0);
+ get_cachename_from_process_env((env_probe &&
(arg->upcall_target == UPTARGET_APP)) ? arg->pid : 0);
rc = setuid(uid);
if (rc == -1) {
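Review bot: the new condition on the `get_cachename_from_process_env(...)` argument passes pid 0 whenever `arg->upcall_target` is anything other than `UPTARGET_APP`, so the environ probe is also skipped when the field was never set by the kernel, not only when a different target was explicitly requested. Consider handling the "not supplied" case explicitly, for example by keeping the previous `env_probe ? arg->pid : 0` behaviour when no target arrived with the upcall, or state in the package that this change requires a kernel that passes `upcall_target`. The comment above the call ("look at the environ file") should also mention the new `UPTARGET_APP` requirement, since the code no longer probes on `env_probe` alone.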
Which means that if the kernel hasn't been patched, cifs.upcall will look for
the credential cache in the default locations, as arg->upcall_target won't be
UPTARGET_APP, and not in the environment of the calling process, which has the
right value.
Also, passing -o upcall_target=anything as per the new mount.cifs man
page fails with invalid option (rejected by the kernel).
--
https://bugs.launchpad.net/bugs/2099914
Title:
CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials
cache