CVE-2024-26980

ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325 patch
https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248 patch
https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1 patch
https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085 patch
https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20 patch

Frequently Asked Questions

What is the severity of CVE-2024-26980?
CVE-2024-26980 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26980?
To fix CVE-2024-26980, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26980 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26980 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26980?
CVE-2024-26980 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.