CVE-2024-26811

critical

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate payload size in ipc response

If malicious ksmbd-tools are installed, ksmbd.mountd can return an invalid ipc response to the ksmbd kernel server. ksmbd should validate the payload size of the ipc response from ksmbd.mountd to avoid a memory overrun or slab-out-of-bounds. This patch validates the 3 ipc responses that have a payload.

References

https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac

https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c

https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300

https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896

https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd

Details

Source: Mitre, NVD

Published: 2024-04-08

Updated: 2024-04-28

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical