Description: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel References: https://patchwork.kernel.org/patch/10187633/ https://bugzilla.redhat.com/show_bug.cgi?id=1539599 http://www.openwall.com/lists/oss-security/2018/03/06/1 Notes: carnil> Issue fixed upstream differently/unknownigly with the carnil> referenced commit cabfb3680f78981d26c078a26e5c748531257ebb carnil> Cf. https://patchwork.kernel.org/patch/10187633/ discussion. bwh> Minimal fix for older versions: bwh> https://patchwork.kernel.org/patch/10187633/ Bugs: upstream: released (4.11-rc1) [cabfb3680f78981d26c078a26e5c748531257ebb] 4.9-upstream-stable: released (4.9.90) [df09b6f7b54adba78693997096d0bcb1bd80537c] 3.16-upstream-stable: released (3.16.57) [36a0db05310fbee38b59fed7e1306c1a095f8c8f] 3.2-upstream-stable: N/A "Vulnerable code not present" sid: released (4.11.6-1) 4.9-stretch-security: released (4.9.88-1) [bugfix/all/CIFS-Enable-encryption-during-session-setup-phase.patch] 3.16-jessie-security: released (3.16.56-1) [bugfix/all/CIFS-Enable-encryption-during-session-setup-phase.patch] 3.2-wheezy-security: N/A "Vulnerable code not present"