In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().
History

Tue, 24 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-01T05:26:56.744Z

Updated: 2024-12-19T08:51:39.091Z

Reserved: 2024-02-19T14:20:24.204Z

Link: CVE-2024-26980

cve-icon Vulnrichment

Updated: 2024-08-02T00:21:05.907Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-01T06:15:15.423

Modified: 2024-11-21T09:03:32.600

Link: CVE-2024-26980

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-26980 - Bugzilla