Lucene search

K

GoogleOSV:CVE-2024-26952

HistoryMay 01, 2024 - 6:15 a.m.

CVE-2024-26952

2024-05-0106:15:00

Google

osv.dev

3

linux kernel

vulnerability

ksmbd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.

References

git.kernel.org/linus/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da

git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5

git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63

git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da

ubuntu.com/security/CVE-2024-26952

ubuntu.com/security/notices/USN-6816-1

ubuntu.com/security/notices/USN-6817-1

ubuntu.com/security/notices/USN-6817-2

ubuntu.com/security/notices/USN-6817-3

ubuntu.com/security/notices/USN-6878-1

ubuntu.com/security/notices/USN-6923-1

ubuntu.com/security/notices/USN-6923-2

ubuntu.com/security/notices/USN-6927-1

www.cve.org/CVERecord?id=CVE-2024-26952

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

Related for OSV:CVE-2024-26952

cbl_mariner2 ubuntucve1 debiancve1 cve1 nessus12 redhatcve1 cvelist1 vulnrichment1 nvd1 ubuntu10 osv11 openvas11