CVE-2024-26811

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate payload size in ipc response

If malicious ksmbd-tools are installed, ksmbd.mountd can return an invalid ipc response to the ksmbd kernel server. ksmbd should validate the payload size of the ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validates 3 ipc responses that have payload.

CVSS

No CVSS.

Configurations

No configuration.

History

28 Apr 2024, 12:15

Type Values Removed Values Added
References
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XCNJZBDMGJXRIKLGKM4RRJU4XCHPX62/ (source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG6L4FXO4WNWUM6W7USOH2YTRVWREM3V/ (source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RO3RO34MLQ6WT3A7O6STQUVXW43N6W3K/ (source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67)
  • () https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300 -

14 Apr 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XCNJZBDMGJXRIKLGKM4RRJU4XCHPX62/ -

13 Apr 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG6L4FXO4WNWUM6W7USOH2YTRVWREM3V/ -

13 Apr 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RO3RO34MLQ6WT3A7O6STQUVXW43N6W3K/ -

10 Apr 2024, 15:16

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd -
  • () https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896 -
  • () https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c -

08 Apr 2024, 18:48

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response. If malicious ksmbd-tools are installed, ksmbd.mountd can return an invalid ipc response to the ksmbd kernel server. ksmbd must validate the payload size of the ipc response from ksmbd.mountd to avoid memory overrun or out-of-bounds access. This patch validates 3 ipc responses that have payload.

08 Apr 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-08 10:15

Updated : 2024-04-28 12:15


NVD link : CVE-2024-26811

Mitre link : CVE-2024-26811

CVE.ORG link : CVE-2024-26811



Products Affected

No product.

CWE

No CWE.