CVE-2024-26954

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()

If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name offset to the buffer offset to validate name length of smb2_create_req().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < d70c2e0904ab3715c5673fd45788a464a246d1dbaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 3b8da67191e938a63d2736dabb4ac5d337e5de57affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 4f97e6a9d62cb1fce82fbf4baff44b83221bc178affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < a80a486d72e20bd12c335bcd38b6e6f19356b0aaaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.1.119 <= 6.1.*unaffected
LinuxLinux6.6.32 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References