THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-26980

ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf

Reserved:2024-02-19
Published:2024-05-01
Updated:2024-05-17

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().

Product status

Default status
unaffected

1da177e4c3f4 before da2140137260
affected

1da177e4c3f4 before b80ba648714e
affected

1da177e4c3f4 before 3160d9734453
affected

1da177e4c3f4 before 0977f89722ec
affected

1da177e4c3f4 before c119f4ede3fa
affected

Default status
affected

5.15.159
unaffected

6.1.88
unaffected

6.6.29
unaffected

6.8.8
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325

https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248

https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1

https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085

https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20

cve.org CVE-2024-26980

nvd.nist.gov CVE-2024-26980

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26980