CVE-2024-56627

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6bd1bf0e8c42f10a9a9679a4c103a9032d30594d patch
https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10 patch
https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41 patch
https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73 patch
https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9 patch

Frequently Asked Questions

What is the severity of CVE-2024-56627?
CVE-2024-56627 has been scored as a high severity vulnerability.
How to fix CVE-2024-56627?
To fix CVE-2024-56627, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56627 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56627 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56627?
CVE-2024-56627 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.