// For flags

CVE-2024-0565

Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

Severity Score

7.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Se encontró un fallo de lectura de memoria fuera de los límites en receive_encrypted_standard en fs/smb/client/smb2ops.c en el subcomponente SMB Client en el kernel de Linux. Este problema se produce debido a un desbordamiento insuficiente de enteros en la longitud de memcpy, lo que provoca una denegación de servicio.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SMB headers. The issue results from the lack of proper validation of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel.

*Credits: fffvr
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-15 CVE Reserved
  • 2024-01-15 CVE Published
  • 2024-09-13 CVE Updated
  • 2024-09-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 6.1.36 < 6.7
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.36 < 6.7"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 6.7
Search vendor "Linux" for product "Linux Kernel" and version "6.7"
rc1
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 6.7
Search vendor "Linux" for product "Linux Kernel" and version "6.7"
rc2
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 6.7
Search vendor "Linux" for product "Linux Kernel" and version "6.7"
rc3
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 6.7
Search vendor "Linux" for product "Linux Kernel" and version "6.7"
rc4
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 6.7
Search vendor "Linux" for product "Linux Kernel" and version "6.7"
rc5
Affected
Netapp
Search vendor "Netapp"
 Ontap Tools
Search vendor "Netapp" for product "Ontap Tools"
-vmware_vsphere
Affected