PT-2024-10375 · Linux+5 · Linux Kernel+5

Jordy Zomer · Published 2024-11-28 · Updated 2025-10-03 · CVE-2024-56626

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel; affected versions are not explicitly specified in the provided descriptions.
Description: The issue is an out-of-bounds write in the ksmbd vfs stream write path. It occurs when the offset supplied by the client is a negative value, which allows data to be written outside the bounds of the allocated buffer. This happens when the 'vfs objects = streams_xattr' parameter is set in ksmbd.conf.
Recommendations: Because the affected versions are not specified, the recommendation cannot be tailored to a particular version. To resolve the issue, ensure that the ksmbd vfs stream write function properly handles negative offset values from clients, and review ksmbd.conf to avoid settings that could trigger this issue.

Exploit

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17881
ALT-PU-2024-17897
ALT-PU-2025-12647
BDU:2025-00880
BDU:2025-00883
CVE-2024-56626
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1078
OESA-2025-1079
OESA-2025-1080
OESA-2025-1081
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
Ubuntu