Skip to content

Commit acfdcd7

Browse files
author
CKI KWF Bot
committed
Merge: CVE-2025-38737: cifs: Fix oops due to uninitialised variable
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-10/-/merge_requests/1574 JIRA: https://issues.redhat.com/browse/RHEL-120561 CVE: CVE-2025-38737 ``` commit 453a6d2 Author: David Howells <dhowells@redhat.com> Date: Tue Aug 19 16:27:36 2025 +0100 cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined. Fixes: a2906d3 ("cifs: Switch crypto buffer to use a folio_queue rather than an xarray") Signed-off-by: David Howells <dhowells@redhat.com> cc: Steve French <sfrench@samba.org> cc: Paulo Alcantara <pc@manguebit.org> cc: linux-cifs@vger.kernel.org cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> ``` Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> --- <small>Created 2025-10-10 14:27 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12334433&issuetype=1&priority=4&summary=backporter+webhook+issue&components=kernel-workflow+/+backporter)</small> Approved-by: Paulo Alcantara <paalcant@redhat.com> Approved-by: Olga Kornievskaia <okorniev@redhat.com> Approved-by: David Howells <dhowells@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: CKI GitLab Kmaint Pipeline Bot <26919896-cki-kmaint-pipeline-bot@users.noreply.gitlab.com>
2 parents 61da93d + a3d8374 commit acfdcd7

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

fs/smb/client/smb2ops.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4507,7 +4507,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst,
45074507
for (int i = 1; i < num_rqst; i++) {
45084508
struct smb_rqst *old = &old_rq[i - 1];
45094509
struct smb_rqst *new = &new_rq[i];
4510-
struct folio_queue *buffer;
4510+
struct folio_queue *buffer = NULL;
45114511
size_t size = iov_iter_count(&old->rq_iter);
45124512

45134513
orig_len += smb_rqst_len(server, old);

0 commit comments

Comments
 (0)