Products
Linux kernel
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2024-26980 details
Published : May 1, 2024, 6:15 a.m.
Last Modified : May 1, 2024, 1:02 p.m.
Last Modified : May 1, 2024, 1:02 p.m.
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
This website uses the NVD API, but is not approved or certified by it.