ghsa-rmx7-cw76-79w4
Vulnerability from github
Published
2024-05-01 06:31
Modified
2024-05-17 12:30
Details
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().
{ "affected": [], "aliases": [ "CVE-2024-26980" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-01T06:15:15Z", "severity": null }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf\n\nIf -\u003eProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size\nvalidation could be skipped. if request size is smaller than\nsizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in\nsmb2_allocate_rsp_buf(). This patch allocate response buffer after\ndecrypting transform request. smb3_decrypt_req() will validate transform\nrequest size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().", "id": "GHSA-rmx7-cw76-79w4", "modified": "2024-05-17T12:30:59Z", "published": "2024-05-01T06:31:42Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26980" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW" } ], "schema_version": "1.4.0", "severity": [] }
Loading...