Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2024-14763
HistoryJan 26, 2024 - 12:00 a.m.

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds access vulnerability exists in the Linux Kernel. The affected version has an out-of-bounds access vulnerability in the receive_encrypted_standard in the smb client subcomponent fs/smb/client/smb2ops.c due to a lack of memory checksum. An out-of-bounds access vulnerability exists, which can be exploited by an attacker to conduct a DOS attack.

2024-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
25
linux
open source
operating system
united states
memory checksum
smb client
dos attack
code issue
vulnerability
nft_byteorder_eval
netfilter functionality
denial of service

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.1%

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a code issue vulnerability that stems from the fact that in the nft_byteorder_eval() function, the code iteratively loops and writes dst[0], dst[1], dst[2], etc., and writes 8 bytes for each iteration, but dst[] is a u32 array, and therefore only has 4 bytes of space for each element, which means that each iteration overwrites a portion of the previous element. An attacker could use this vulnerability to cause a denial of service or possibly corrupt NetFilter functionality.