CVE-2024-0565

high

Description

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

References

https://www.spinics.net/lists/stable-commits/msg328851.html

https://bugzilla.redhat.com/show_bug.cgi?id=2258518

https://access.redhat.com/security/cve/CVE-2024-0565

https://access.redhat.com/errata/RHSA-2024:2394

https://access.redhat.com/errata/RHSA-2024:2093

https://access.redhat.com/errata/RHSA-2024:1614

https://access.redhat.com/errata/RHSA-2024:1607

https://access.redhat.com/errata/RHSA-2024:1533

https://access.redhat.com/errata/RHSA-2024:1532

https://access.redhat.com/errata/RHSA-2024:1404

https://access.redhat.com/errata/RHSA-2024:1188

Details

Source: Mitre, NVD

Published: 2024-01-15

Updated: 2024-09-14

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High