CVE-2024-56627

Source
https://cve.org/CVERecord?id=CVE-2024-56627
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56627.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56627
Published
2024-12-27T14:51:29.854Z
Modified
2026-05-28T03:55:16.211207769Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

An offset from client could be a negative value. It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56627.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0626e6641f6b467447c81dd7678a69c66f7746cf
Fixed
6bd1bf0e8c42f10a9a9679a4c103a9032d30594d
Fixed
de4d790dcf53be41736239d7ee63849a16ff5d10
Fixed
27de4295522e9a33e4a3fc72f7b8193df9eebe41
Fixed
81eed631935f2c52cdaf6691c6d48e0b06e8ad73
Fixed
fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56627.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.176
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.120
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.66
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56627.json"