CVE-2024-26952

ksmbd: fix potencial out-of-bounds when buffer offset is invalid

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.

Categories

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.22%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/480469f145e5abf83361e608734e421b7d99693d patch
https://git.kernel.org/stable/c/ad6480c9a5d884e2704adc51d69895d93339176c patch
https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e patch
https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63 patch
https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5 patch
https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da patch

Frequently Asked Questions

What is the severity of CVE-2024-26952?
CVE-2024-26952 has been scored as a high severity vulnerability.
How to fix CVE-2024-26952?
To fix CVE-2024-26952, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26952 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26952 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26952?
CVE-2024-26952 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.