CVE-2024-0565

Published: 18 Dec 2023
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Report

This vulnerability is considered to be of Moderate impact because of limitations on the attack scenario.

Mitigation

To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
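
One way to audit this mitigation on a host, as an added example that is not part of the Red Hat advisory: it checks that the modprobe configuration carries both a `blacklist cifs` line and an `install cifs /bin/false` override, and that the module is not already loaded. The function names and the directory and modules-file arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit whether the cifs module is prevented from loading.

# Directives that keep cifs out of the kernel: "blacklist" stops alias-based
# autoloading, "install ... /bin/false" makes an explicit "modprobe cifs" fail.
cifs_block_rules() {
    printf '%s\n' 'blacklist cifs' 'install cifs /bin/false'
}

# cifs_is_blocked [DIR]: succeed only if active (uncommented) lines in
# DIR/*.conf contain both directives. DIR defaults to /etc/modprobe.d.
cifs_is_blocked() {
    dir=${1:-/etc/modprobe.d}
    grep -Eq '^[[:space:]]*blacklist[[:space:]]+cifs[[:space:]]*$' \
        "$dir"/*.conf 2>/dev/null || return 1
    grep -Eq '^[[:space:]]*install[[:space:]]+cifs[[:space:]]+/bin/(false|true)[[:space:]]*$' \
        "$dir"/*.conf 2>/dev/null
}

# cifs_is_loaded [FILE]: succeed if cifs appears in the loaded-module list.
# FILE defaults to /proc/modules (one module per line, name first).
cifs_is_loaded() {
    grep -q '^cifs ' "${1:-/proc/modules}" 2>/dev/null
}

# cifs_mitigation_status [DIR] [FILE]: print one of
#   loaded      - module is in the kernel now; config only helps after unload/reboot
#   mitigated   - not loaded and both directives are present
#   unprotected - not loaded, but nothing stops it from being loaded
cifs_mitigation_status() {
    if cifs_is_loaded "$2"; then
        echo loaded
    elif cifs_is_blocked "$1"; then
        echo mitigated
    else
        echo unprotected
    fi
}

# Report the state of the local host.
cifs_mitigation_status /etc/modprobe.d /proc/modules
```

To apply the mitigation, the output of `cifs_block_rules` can be written as root to a file under `/etc/modprobe.d/`; the file name is the administrator's choice.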

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:1614 | 02.04.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:1607 | 02.04.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:1188 | 06.03.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:1404 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:2394 | 30.04.2024 |

Additional information

Status: Moderate
Defect: CWE-191
https://bugzilla.redhat.com/show_bug.cgi?id=2258518 kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

EPSS

Percentile: 21%
0.00066
Low

CVSS3: 6.8 Medium

Related vulnerabilities

CVSS3: 6.8
ubuntu
more than 1 year ago

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

CVSS3: 6.8
nvd
more than 1 year ago

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

CVSS3: 7.4
msrc
10 months ago

No description available

CVSS3: 6.8
debian
more than 1 year ago

An out-of-bounds memory read flaw was found in receive_encrypted_stand ...

CVSS3: 7.1
github
more than 1 year ago

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
