CVE-2024-26811 ksmbd: validate payload size in ipc response

2024-04-0810:02:18

Linux

github.com

linux kernel vulnerability

ksmbd

payload size

ipc response

memory overrun

slab-out-of-bounds

cve-2024-26811

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate payload size in ipc response

If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.