CVE-2024-26594

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate mech token in session setup

If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < dd1de9268745f0eac83a430db7afc32cbd62e84baffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 6eb8015492bcc84e40646390e50a862b2c0529c9affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202aaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 5e6dfec95833edc54c48605a98365a7325e5541eaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 92e470163d96df8db6c4fa0f484e4a229edb903daffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.75 <= 6.1.*unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References