CVE-2024-49996

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A buffer overflow issue has been identified in the Linux kernel when parsing NFS reparse points. The problem arises because the function cifs strndup from utf16() accesses the DataBuffer beyond its bounds due to not subtracting the InodeType size from the ReparseDataLength. To fix this, the code now correctly subtracts the InodeType size from the ReparseDataLength to prevent accessing memory beyond the buffer's end. Additionally, checks have been added to ensure that InodeType and major and minor rdev values are only accessed when the reparse buffer is sufficiently large, preventing invalid memory accesses.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the buffer overflow issue when parsing NFS reparse points. As a temporary workaround, consider restricting access to the cifs strndup from utf16() function until the update can be applied.