CVE-2024-26594

ksmbd: validate mech token in session setup

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.60%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b patch
https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9 patch
https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a patch
https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e patch
https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d patch

Frequently Asked Questions

What is the severity of CVE-2024-26594?
CVE-2024-26594 has been scored as a high severity vulnerability.
How to fix CVE-2024-26594?
To fix CVE-2024-26594, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26594 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26594 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26594?
CVE-2024-26594 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.