CVE-2024-26952Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-125Out-of-bounds Read29 documents8 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 91.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedMay 1
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel5.155.15.181+4
Debianlinux/linux_kernel< 6.1.119-1+2
Ubuntulinux/linux_kernel< 5.15.0-117.127+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

13
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-oracle-5.15 vulnerabilities2024-08-13
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-08-12
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi vulnerabilities2024-07-30

📋Vendor Advisories

14
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-08-13
Ubuntu
Linux kernel (Azure) vulnerabilities2024-08-12
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-30

💬Community

1
Bugzilla
CVE-2024-26952 kernel: ksmbd: fix potencial out-of-bounds when buffer offset is invalid2024-05-01
CVE-2024-26952 — Classic Buffer Overflow in Linux | cvebase