CVE-2024-26811
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate payload size in ipc response
If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 88b7f1143b15b29cccb8392b4f38e75b7bb3e300 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 51a6c2af9d20203ddeeaf73314ba8854b38d01bd | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < a637fabac554270a851033f5ab402ecb90bc479c | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 76af689a45aa44714b46d1a7de4ffdf851ded896 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < a677ebd8ca2f2632ccdecbad7b87641274e15aac | affected |
| Linux | Linux | 5.15 | affected |
| Linux | Linux | 0 < 5.15 | unaffected |
| Linux | Linux | 5.15.157 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.85 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.26 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.5 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300
- https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd
- https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c
- https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896
- https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XCNJZBDMGJXRIKLGKM4RRJU4XCHPX62/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RO3RO34MLQ6WT3A7O6STQUVXW43N6W3K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG6L4FXO4WNWUM6W7USOH2YTRVWREM3V/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300
- https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd
- https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c
- https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896
- https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.