An out-of-bounds (OOB) memory read flaw was found in `parse_lease_state()` in the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. When an attacker sends a CREATE command with a malformed payload to KSMBD, a missing check of `NameOffset` in the function `parse_lease_state()` allows the `create_context` object to access invalid memory. Refer to https://www.spinics.net/lists/stable-commits/msg303065.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2154180]
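The bounds checking that the description above says was missing, shown as an added user-space example (this is not the kernel patch and not ksmbd code): it walks a chain of create contexts and rejects any whose `NameOffset`/`NameLength` or data range falls outside the bytes actually received. The field layout follows MS-SMB2 section 2.2.13.2; the function name and return codes are hypothetical, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CC_HDR_LEN   16u   /* Next(4) NameOffset(2) NameLength(2) Reserved(2) DataOffset(2) DataLength(4) */
#define CC_NOT_FOUND (-1L)
#define CC_MALFORMED (-2L)

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Walk a chain of little-endian create contexts; return the offset of the
 * one whose name equals tag, CC_NOT_FOUND, or CC_MALFORMED. Every offset and
 * length is checked against the bytes actually received before any use. */
long find_create_context(const uint8_t *buf, size_t len, const char *tag, size_t tag_len)
{
    size_t off = 0;
    while (len - off >= CC_HDR_LEN) {
        const uint8_t *cc = buf + off;
        size_t remain = len - off;
        uint32_t next = rd32(cc);
        uint32_t name_off = rd16(cc + 4), name_len = rd16(cc + 6);
        uint64_t data_off = rd16(cc + 10), data_len = rd32(cc + 12);
        size_t cc_len = next ? next : remain;   /* extent of this context */

        if ((next & 7) || cc_len < CC_HDR_LEN || cc_len > remain)
            return CC_MALFORMED;
        if (name_off < CC_HDR_LEN || name_off + name_len > cc_len)   /* the NameOffset check */
            return CC_MALFORMED;
        if (data_len && (data_off < CC_HDR_LEN || data_off + data_len > cc_len))
            return CC_MALFORMED;
        if (name_len == tag_len && memcmp(cc + name_off, tag, tag_len) == 0)
            return (long)off;
        if (!next)
            return CC_NOT_FOUND;
        off += next;
    }
    return off == len ? CC_NOT_FOUND : CC_MALFORMED;
}

int main(void)
{
    /* Constructed sample: one "RqLs" context, name at 16, 32 data bytes at 24. */
    uint8_t cc[56] = { 0,0,0,0, 16,0, 4,0, 0,0, 24,0, 32,0,0,0, 'R','q','L','s' };
    printf("valid: %ld\n", find_create_context(cc, sizeof cc, "RqLs", 4));
    cc[4] = 0xF0; cc[5] = 0xFF;          /* NameOffset now points far past the buffer */
    printf("bad NameOffset: %ld\n", find_create_context(cc, sizeof cc, "RqLs", 4));
    return 0;
}
```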