As per upstream advisory:

Samba 4.5 and later implements VLV - Virtual List View, and Samba 4.10 and later reimplemented the paged_results control using similar code. This code is more memory-efficient, storing only a pointer to the object, not the returned object. However, this means parts of the original request must be retained. When these controls are used by a client that connects to the Global Catalog server, these modules failed to correctly retain the control data along with the request, causing a use-after-free and an abort when this is detected by the talloc library.

NOTE WELL: Unsupported Samba versions before Samba 4.7 use a single process for the LDAP servers. All versions of Samba after Samba 4.11 use the 'prefork' process model to create a shared connection pool. Crashing servers are restarted, but service is disrupted.
Acknowledgments:
Name: the Samba project
Upstream: Andrei Popa
Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux and Red Hat Gluster Storage 3 because there is no support for samba as Active Directory Domain Controller.
External References: https://www.samba.org/samba/security/CVE-2020-10760.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1853276]
Upstream patch: https://github.com/samba-team/samba/commit/32c333def9ad5a1c67abee320cf5f3c4f2cb1e5c
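The lifetime problem the advisory text describes, as an added example that is not Samba's code and not the upstream patch: a simplified model in which a results store kept across requests holds only a pointer to control data owned by the first request. All names (`chunk`, `store`, `run_model`) and the magic-value check standing in for talloc's detection are assumptions made for illustration, and copying is shown as just one way to retain the data.

```c
#include <stdio.h>

#define MAGIC_LIVE 0x600DF00Du
#define MAGIC_FREE 0xDEADF00Du

/* Constructed stand-in for an allocator chunk with a liveness header. */
struct chunk { unsigned magic; int page_size; char cookie[16]; };
static struct chunk pool[8];   /* static pool: a stale read stays defined in this model */
static int used;

static struct chunk *chunk_new(int page_size, const char *cookie) {
    if (used >= 8) return NULL;
    struct chunk *c = &pool[used++];
    c->magic = MAGIC_LIVE;
    c->page_size = page_size;
    snprintf(c->cookie, sizeof c->cookie, "%s", cookie);
    return c;
}
static void chunk_free(struct chunk *c) { c->magic = MAGIC_FREE; }

/* Store that outlives a single request; it keeps a pointer, not the object. */
struct store { struct chunk *ctrl; };

/* Before: the store borrows control data that the request still owns. */
static void store_save_borrow(struct store *s, struct chunk *req_ctrl) { s->ctrl = req_ctrl; }

/* After: the store retains its own copy, so its lifetime matches the store's. */
static int store_save_copy(struct store *s, const struct chunk *req_ctrl) {
    s->ctrl = chunk_new(req_ctrl->page_size, req_ctrl->cookie);
    return s->ctrl ? 0 : -1;
}

/* Serving the next page: -1 marks the point where a stale chunk is detected. */
static int store_next_page(const struct store *s) {
    if (s->ctrl == NULL || s->ctrl->magic != MAGIC_LIVE) return -1;
    return s->ctrl->page_size;
}

/* Returns the page size seen by the follow-up request, -1 if stale, -2 if the pool is exhausted. */
int run_model(int use_copy) {
    struct store s = {0};
    struct chunk *req = chunk_new(100, "constructed");   /* constructed sample control */
    if (!req) return -2;
    if (use_copy) { if (store_save_copy(&s, req) != 0) return -2; }
    else store_save_borrow(&s, req);
    chunk_free(req);           /* first request completes and releases its data */
    return store_next_page(&s);
}

int main(void) { printf("borrow=%d copy=%d\n", run_model(0), run_model(1)); return 0; }
```

In the borrowed case the follow-up request reaches released control data, which is where the advisory says talloc aborts the process; in the retained case the store still holds live data.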