An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00073.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Netapp
  • Ontap Tools
Redhat
  • Enterprise Linux
  • Logging
  • Rhel Eus
  • Rhev Hypervisor

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:1614 2024-04-02T00:00:00Z
kernel-0:4.18.0-513.24.1.el8_9 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:1607 2024-04-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.95.1.el8_6 cpe:/o:redhat:rhel_eus:8.6 RHSA-2024:1188 2024-03-06T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.51.1.el8_8 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:1404 2024-03-19T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.13.1.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2394 2024-04-30T00:00:00Z
kernel-0:5.14.0-427.13.1.el9_4 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:2394 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.59.1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:1532 2024-03-27T00:00:00Z
kernel-rt-0:5.14.0-284.59.1.rt14.344.el9_2 cpe:/a:redhat:rhel_eus:9.2::nfv RHSA-2024:1533 2024-03-27T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.95.1.el8_6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2024:1188 2024-03-06T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3842-1 linux-5.10 security update
Debian DSA Debian DSA DSA-5681-1 linux security update
EUVD EUVD EUVD-2024-16358 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
Ubuntu USN Ubuntu USN USN-6639-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-6648-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6648-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6651-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6651-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6651-3 Linux kernel (StarFive) vulnerabilities
Ubuntu USN Ubuntu USN USN-6652-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6653-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6653-2 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-6653-3 Linux kernel (Low Latency) vulnerabilities
Ubuntu USN Ubuntu USN USN-6653-4 Linux kernel (GKE) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

References
Link Providers
https://access.redhat.com/errata/RHSA-2024:1188 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1404 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1532 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1533 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1607 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1614 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2093 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2394 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-0565 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2258518 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-0565 cve-icon
https://security.netapp.com/advisory/ntap-20240223-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-0565 cve-icon
https://www.spinics.net/lists/stable-commits/msg328851.html cve-icon cve-icon cve-icon
History

Tue, 03 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Sat, 14 Sep 2024 00:45:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T13:57:25.932Z

Reserved: 2024-01-15T19:19:12.076Z

Link: CVE-2024-0565

cve-icon Vulnrichment

Updated: 2024-08-01T18:11:35.146Z

cve-icon NVD

Status : Modified

Published: 2024-01-15T20:15:43.630

Modified: 2024-11-21T08:46:53.230

Link: CVE-2024-0565

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-12-18T00:00:00Z

Links: CVE-2024-0565 - Bugzilla

cve-icon OpenCVE Enrichment

No data.