CVE-2024-56627

Published Dec 27, 2024

Last updated a month ago

Overview

Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read. An offset from the client could be a negative value. It could lead to an out-of-bounds read from the stream_buf. Note that this issue occurs when setting the 'vfs objects = streams_xattr' parameter in ksmbd.conf.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
5.2
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-125

Social media

Hype score
Not currently trending
  1. Threat Alert: CVE-2024-56626 & CVE-2024-56627: Critical Linux Kernel SMB Server Bugs Uncov CVE-2024-56626 CVE-2024-56627 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/ymxuhQjuyJ #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    29 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical Security Vulnerabilities in the KSMBD Module: CVE-2024-56626 and CVE-2024-56627 https://t.co/BH8DBBB5gF

    @cyberwebeyeos

    28 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-56626 & CVE-2024-56627: Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published - https://t.co/4OPGcrKfRM

    @moton

    28 Jan 2025

    71 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

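  4. Critical vulnerabilities in the SMB server for the Linux kernel, PoC already published: CVE-2024-56626, CVE-2024-56627 | Codebook https://t.co/lycg1bWfBu "May allow attackers to take over vulnerable systems… Affected are kernel versions later than 5.15, and the patched version is 6.13-rc2"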

    @catnap707

    28 Jan 2025

    513 Impressions

    1 Retweet

    10 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. CVE-2024-56626 & CVE-2024-56627: Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published https://t.co/Uy1sNcIcUS

    @Dinosn

    28 Jan 2025

    3136 Impressions

    17 Retweets

    48 Likes

    12 Bookmarks

    1 Reply

    0 Quotes

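  6. Multiple critical vulnerabilities have been fixed in KSMBD, the SMB server feature of the Linux kernel. CVE-2024-56626 is an out-of-bounds write and CVE-2024-56627 is an out-of-bounds read, with CVSS scores of 9.8 and 9.1 respectively. Kernels later than 5.15 are vulnerable; fixed in 6.13-rc2. https://t.co/jsG2GjbEgo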

    @__kokumoto

    28 Jan 2025

    3047 Impressions

    23 Retweets

    46 Likes

    14 Bookmarks

    0 Replies

    1 Quote

  7. CVE-2024-56626 (CVSS 9.8) & CVE-2024-56627 (CVSS 9.1): Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published Discover the critical vulnerabilities in KSMBD that could allow attackers to gain control of Linux systems. https://t.co/vsJKZLa5AD

    @the_yellow_fall

    28 Jan 2025

    426 Impressions

    3 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations