CVE-2024-26822: Resource Injection in Linux

CWE-99 Resource Injection | 30 documents | 7 sources
Severity
5.5 MEDIUM | NVD
OSV 8.8 | OSV 7.0
EPSS
0.0%
top 89.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 17
Latest update: Jan 27

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: set correct id, uid and cruid for multiuser automounts

When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

NVD | linux/linux_kernel | 6.2 | 6.6.18 | +4
Debian | linux/linux_kernel | < 6.1.164-1 | +2
Ubuntu | linux/linux_kernel | < 5.15.0-130.140
CVEListV5 | linux/linux | c8117ac42303f7ae99bbe53e4952f7d147cca1fb | 4a6e4c56721a3e6e2550b72ec56aab306c4607a7 | +5
debian | debian/linux | < linux 6.1.164-1 (bookworm)

Patches

🔴 Vulnerability Details (14)

OSV | linux-xilinx-zynqmp vulnerabilities | 2025-01-27
OSV | linux-azure, linux-intel-iotg-5.15 vulnerabilities | 2025-01-09
OSV | linux-azure-5.15 vulnerabilities | 2025-01-09
OSV | linux-gke vulnerabilities | 2025-01-07
OSV | linux-intel-iotg vulnerabilities | 2025-01-06

📋 Vendor Advisories (14)

Ubuntu | Linux kernel (Xilinx ZynqMP) vulnerabilities | 2025-01-27
Ubuntu | Linux kernel vulnerabilities | 2025-01-09
Ubuntu | Linux kernel (Azure) vulnerabilities | 2025-01-09
Ubuntu | Linux kernel (GKE) vulnerabilities | 2025-01-07
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2025-01-06

💬 Community (1)

Bugzilla | CVE-2024-26822 kernel: smb: client: set correct id, uid and cruid for multiuser automounts | 2024-04-17