PT-2024-2003 · Linux+4 · Linux Kernel+4

Published

2024-01-14

Updated

2024-08-13

CVE-2024-26594

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel ksmbd (affected versions not specified)

Description The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup() function within the Linux kernel's ksmbd server. This can potentially allow an attacker to impact the confidentiality and availability of data. If a client sends an invalid mech token in a session setup request, ksmbd validates and makes an error if it is invalid.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-303

Related Identifiers

AZL-35452

BDU:2024-01862

CVE-2024-26594

USN-6688-1

USN-6765-1

USN-6766-1

USN-6766-2

USN-6766-3

USN-6795-1

USN-6818-1

USN-6818-2

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-2

USN-6819-3

USN-6819-4

USN-6828-1

ZDI-24-194

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-2003 · Linux+4 · Linux Kernel+4

CVE-2024-26594

Weakness Enumeration

Related Identifiers

Affected Products

References · 432