CVE-2024-26828

Published: Apr 17, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

Vendor	Product	Versions
Linux	Linux	affected `fe856be475f7cf5ffcde57341d175ce9fd09434b - < 7190353835b4a219abb70f90b06cdcae97f11512` affected `fe856be475f7cf5ffcde57341d175ce9fd09434b - < f7ff1c89fb6e9610d2b01c1821727729e6609308` affected `fe856be475f7cf5ffcde57341d175ce9fd09434b - < df2af9fdbc4ddde18a3371c4ca1a86596e8be301` affected `fe856be475f7cf5ffcde57341d175ce9fd09434b - < cffe487026be13eaf37ea28b783d9638ab147204`
Linux	Linux	affected `4.18` unaffected `0 - < 4.18` unaffected `6.1.79 - <= 6.1.` unaffected `6.6.18 - <= 6.6.` unaffected `6.7.6 - <= 6.7.*` +1 more versions

References

https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512

https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308

https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301

https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26828

Description

Affected Products

References