In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size
validation could be skipped. if request size is smaller than
sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in
smb2_allocate_rsp_buf(). This patch allocate response buffer after
decrypting transform request. smb3_decrypt_req() will validate transform
request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().
Metrics
Affected Vendors & Products
References
History
Tue, 24 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-125 |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-01T05:26:56.744Z
Updated: 2024-12-19T08:51:39.091Z
Reserved: 2024-02-19T14:20:24.204Z
Link: CVE-2024-26980
Vulnrichment
Updated: 2024-08-02T00:21:05.907Z
NVD
Status : Awaiting Analysis
Published: 2024-05-01T06:15:15.423
Modified: 2024-11-21T09:03:32.600
Link: CVE-2024-26980
Redhat