CVE-2024-26980

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().

Reserved 2024-02-19 | Published 2024-05-01 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

0626e6641f6b467447c81dd7678a69c66f7746cf before da21401372607c49972ea87a6edaafb36a17c325
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before b80ba648714e6d790d69610cf14656be222d0248
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 3160d9734453a40db248487f8204830879c207f1
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 0977f89722eceba165700ea384f075143f012085
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before c119f4ede3fa90a9463f50831761c28f989bfb20
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

5.15.159
unaffected

6.1.88
unaffected

6.6.29
unaffected

6.8.8
unaffected

6.9
unaffected

References

git.kernel.org/...c/da21401372607c49972ea87a6edaafb36a17c325

git.kernel.org/...c/b80ba648714e6d790d69610cf14656be222d0248

git.kernel.org/...c/3160d9734453a40db248487f8204830879c207f1

git.kernel.org/...c/0977f89722eceba165700ea384f075143f012085

git.kernel.org/...c/c119f4ede3fa90a9463f50831761c28f989bfb20

cve.org (CVE-2024-26980)

nvd.nist.gov (CVE-2024-26980)

Download JSON