CVE-2024-26811

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26811
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26811.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26811
Downstream
Published
2024-04-08T10:02:18.184Z
Modified
2026-05-18T05:58:48.679824004Z
Summary
ksmbd: validate payload size in ipc response
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate payload size in ipc response

If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26811.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0626e6641f6b467447c81dd7678a69c66f7746cf
Fixed
88b7f1143b15b29cccb8392b4f38e75b7bb3e300
Fixed
51a6c2af9d20203ddeeaf73314ba8854b38d01bd
Fixed
a637fabac554270a851033f5ab402ecb90bc479c
Fixed
76af689a45aa44714b46d1a7de4ffdf851ded896
Fixed
a677ebd8ca2f2632ccdecbad7b87641274e15aac

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26811.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.157
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.85
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.26
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26811.json"