CVE-2024-26980

Published: May 1, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < da21401372607c49972ea87a6edaafb36a17c325` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < b80ba648714e6d790d69610cf14656be222d0248` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 3160d9734453a40db248487f8204830879c207f1` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 0977f89722eceba165700ea384f075143f012085` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < c119f4ede3fa90a9463f50831761c28f989bfb20`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `5.15.159 - <= 5.15.` unaffected `6.1.88 - <= 6.1.` unaffected `6.6.29 - <= 6.6.*` +2 more versions

References

https://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325

https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248

https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1

https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085

https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26980

Description

Affected Products

References