In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.
History

Mon, 04 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T09:43:52.995Z

Updated: 2024-12-19T08:48:13.331Z

Reserved: 2024-02-19T14:20:24.181Z

Link: CVE-2024-26828

cve-icon Vulnrichment

Updated: 2024-08-02T00:14:13.603Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-17T10:15:09.300

Modified: 2024-11-21T09:03:09.600

Link: CVE-2024-26828

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26828 - Bugzilla