{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26811", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.180Z", "datePublished": "2024-04-08T10:02:18.184Z", "dateUpdated": "2024-11-05T09:16:16.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:16:16.050Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate payload size in ipc response\n\nIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc\nresponse to ksmbd kernel server. ksmbd should validate payload size of\nipc response from ksmbd.mountd to avoid memory overrun or\nslab-out-of-bounds. This patch validate 3 ipc response that has payload."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/ksmbd_netlink.h", "fs/smb/server/mgmt/share_config.c", "fs/smb/server/transport_ipc.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "88b7f1143b15", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "51a6c2af9d20", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a637fabac554", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "76af689a45aa", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a677ebd8ca2f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/ksmbd_netlink.h", "fs/smb/server/mgmt/share_config.c", "fs/smb/server/transport_ipc.c"], "versions": [{"version": "5.15.157", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300"}, {"url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd"}, {"url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c"}, {"url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896"}, {"url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac"}], "title": "ksmbd: validate payload size in ipc response", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:50:30.655244Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:43.255Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26811", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.180Z", "datePublished": "2024-04-08T10:02:18.184Z", "dateUpdated": "2024-08-02T00:14:13.586Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:23:11.880Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate payload size in ipc response\n\nIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc\nresponse to ksmbd kernel server. ksmbd should validate payload size of\nipc response from ksmbd.mountd to avoid memory overrun or\nslab-out-of-bounds. This patch validate 3 ipc response that has payload."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/ksmbd_netlink.h", "fs/smb/server/mgmt/share_config.c", "fs/smb/server/transport_ipc.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "88b7f1143b15", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "51a6c2af9d20", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a637fabac554", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "76af689a45aa", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a677ebd8ca2f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/ksmbd_netlink.h", "fs/smb/server/mgmt/share_config.c", "fs/smb/server/transport_ipc.c"], "versions": [{"version": "5.15.157", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300"}, {"url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd"}, {"url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c"}, {"url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896"}, {"url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac"}], "title": "ksmbd: validate payload size in ipc response", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:50:30.655244Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:18.338Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate payload size in ipc response\n\nIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc\nresponse to ksmbd kernel server. ksmbd should validate payload size of\nipc response from ksmbd.mountd to avoid memory overrun or\nslab-out-of-bounds. This patch validate 3 ipc response that has payload."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: validar el tama\u00f1o del payload en la respuesta de ipc Si instala herramientas ksmbd maliciosas, ksmbd.mountd puede devolver una respuesta de ipc no v\u00e1lida al servidor del kernel de ksmbd. ksmbd debe validar el tama\u00f1o del payload de la respuesta ipc de ksmbd.mountd para evitar el desbordamiento de la memoria o los l\u00edmites. Este parche valida 3 respuestas ipc que tienen payload."}], "id": "CVE-2024-26811", "lastModified": "2024-04-28T12:15:20.780", "metrics": {}, "published": "2024-04-08T10:15:08.540", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ksmbd: validate payload size in ipc response", "id": "2273967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273967"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nksmbd: validate payload size in ipc response\nIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc\nresponse to ksmbd kernel server. ksmbd should validate payload size of\nipc response from ksmbd.mountd to avoid memory overrun or\nslab-out-of-bounds. This patch validate 3 ipc response that has payload."], "name": "CVE-2024-26811", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26811\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26811\nhttps://lore.kernel.org/linux-cve-announce/2024040822-CVE-2024-26811-f7f5@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.9-rc3"}