Skip to content

In the Linux kernel, the following vulnerability has been...

Unreviewed Published May 1, 2024 to the GitHub Advisory Database • Updated May 17, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate request buffer size in smb2_allocate_rsp_buf()

The response buffer should be allocated in smb2_allocate_rsp_buf
before validating request. But the fields in payload as well as smb2 header
is used in smb2_allocate_rsp_buf(). This patch add simple buffer size
validation to avoid potencial out-of-bounds in request buffer.

References

Published by the National Vulnerability Database May 1, 2024
Published to the GitHub Advisory Database May 1, 2024
Last updated May 17, 2024

Severity

Unknown

EPSS score

0.045%
(17th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2024-26936

GHSA ID

GHSA-54v9-xvg8-m8r8

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.