CVE-2024-0565
Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.8EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
15 ene 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Productos afectados
kernelRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat · RHOL-5.7-RHEL-8¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2024:1188https://access.redhat.com/errata/RHSA-2024:1404https://access.redhat.com/errata/RHSA-2024:1532https://access.redhat.com/errata/RHSA-2024:1533https://access.redhat.com/errata/RHSA-2024:1607https://access.redhat.com/errata/RHSA-2024:1614https://access.redhat.com/errata/RHSA-2024:2093https://access.redhat.com/errata/RHSA-2024:2394https://access.redhat.com/security/cve/CVE-2024-0565https://bugzilla.redhat.com/show_bug.cgi?id=2258518https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlhttps://security.netapp.com/advisory/ntap-20240223-0002/