7.1

CVE-2024-56627

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

An offset from client could be a negative value, It could lead
to an out-of-bounds read from the stream_buf.
Note that this issue is coming when setting
'vfs objects = streams_xattr parameter' in ksmbd.conf.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.176
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.66
LinuxLinux Kernel Version >= 6.7 < 6.12.5
LinuxLinux Kernel Version6.13 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.192
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41
Patch
https://git.kernel.org/stable/c/6bd1bf0e8c42f10a9a9679a4c103a9032d30594d
Patch
https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73
Patch
https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10
Patch
https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html