CVE-2024-56626
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
27 dez 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
An offset from client could be a negative value, It could allows
to write data outside the bounds of the allocated buffer.
Note that this issue is coming when setting
'vfs objects = streams_xattr parameter' in ksmbd.conf.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6ahttps://git.kernel.org/stable/c/1aea5c9470be2c7129704fb1b9562b1e3e0576f8https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69cahttps://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html