Lucene search

Redhat.comRH:CVE-2024-26594

HistoryJun 14, 2024 - 1:43 p.m.

CVE-2024-26594

2024-06-1413:43:33

redhat.com

access.redhat.com

cve-2024-26594

ksmbd

mech token

session setup

error validation

linux kernel

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.9%

JSON

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

References

bugzilla.redhat.com/show_bug.cgi?id=2292410

lore.kernel.org/linux-cve-announce/2024022325-CVE-2024-26594-1cbc@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2024-26594

www.cve.org/CVERecord?id=CVE-2024-26594

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.9%

JSON

Related for RH:CVE-2024-26594