{"id":"CVE-2024-26980","summary":"ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf\n\nIf -\u003eProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size\nvalidation could be skipped. if request size is smaller than\nsizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in\nsmb2_allocate_rsp_buf(). This patch allocate response buffer after\ndecrypting transform request. smb3_decrypt_req() will validate transform\nrequest size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().","modified":"2026-04-02T10:06:37.399943Z","published":"2024-05-01T05:26:56.744Z","related":["MGASA-2024-0263","MGASA-2024-0266"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26980.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26980.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26980"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0626e6641f6b467447c81dd7678a69c66f7746cf"},{"fixed":"da21401372607c49972ea87a6edaafb36a17c325"},{"fixed":"b80ba648714e6d790d69610cf14656be222d0248"},{"fixed":"3160d9734453a40db248487f8204830879c207f1"},{"fixed":"0977f89722eceba165700ea384f075143f012085"},{"fixed":"c119f4ede3fa90a9463f50831761c28f989bfb20"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26980.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}