Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
CVE-2024-0565

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Kernel; Kernel; Red Hat Enterprise Linux 8.6 Extended Update Support; Red Hat Enterprise Linux 8.8 Extended Update Support
Vendor: CVE Published:; 15 January 2024

What is CVE-2024-0565?

A vulnerability has been identified in the Linux Kernel's SMB Client component, specifically within the receive_encrypted_standard function. This flaw arises from an integer underflow during memory copying operations, leading to an out-of-bounds memory read scenario. Exploitation of this issue could cause systems to experience a denial of service, rendering them temporarily inoperable. System administrators are advised to apply the necessary patches to secure their environments and prevent potential disruptions.

Affected Version(s)

Kernel 6.7-rc6

References

https://access.redhat.com/errata/RHSA-2024:1188

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1404

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:1532

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2024
Vulnerability Reserved
Jan 15, 2024

Red Hat

What is CVE-2024-0565?

Affected Version(s)

References

CVSS V3.1

Timeline