The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.
References
Link | Resource |
---|---|
https://github.com/cifsd-team/ksmbd/pull/551 | Patch Third Party Advisory |
https://github.com/cifsd-team/ksmbd/issues/550 | Third Party Advisory |
https://marc.info/?l=linux-kernel&m=163961726017023&w=2 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220107-0001/ | Third Party Advisory |
History
29 Mar 2022, 16:28
Type | Values Removed | Values Added |
---|---|---|
First Time | | Netapp h300e Netapp h410s Netapp h410c Netapp h410s Firmware Netapp h700s Netapp Netapp h410c Firmware Netapp h500e Firmware Netapp h700e Firmware Netapp h300e Firmware Netapp h500s Firmware Netapp h300s Firmware Netapp h700s Firmware Netapp h500e Netapp h700e Netapp h500s Netapp h300s |
CPE | cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220107-0001/ - Third Party Advisory |
10 Jan 2022, 14:10
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Dec 2021, 13:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/cifsd-team/ksmbd/pull/551 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/cifsd-team/ksmbd/issues/550 - Third Party Advisory | |
References | (MISC) https://marc.info/?l=linux-kernel&m=163961726017023&w=2 - Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
CWE | CWE-319 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:ksmbd_project:ksmbd:*:*:*:*:*:*:*:* |
16 Dec 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-16 05:15
Updated : 2022-03-29 16:28
NVD link : CVE-2021-45100
Mitre link : CVE-2021-45100
CVE.ORG link : CVE-2021-45100
Products Affected
netapp
- h410c_firmware
- h500s_firmware
- h410c
- h700s_firmware
- h500e
- h700e_firmware
- h300s_firmware
- h500s
- h700e
- h410s
- h410s_firmware
- h300e
- h700s
- h300e_firmware
- h300s
- h500e_firmware
linux
- linux_kernel
ksmbd_project
- ksmbd
CWE
CWE-319
Cleartext Transmission of Sensitive Information