CVE-2024-56626
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 27, 2024
Updated: Jan 16, 2025
CWE ID 787
Summary
CVE-2024-56626 is a vulnerability in the ksmbd component of the Linux kernel. It is an out-of-bounds write in the function ksmbd_vfs_stream_write: if a client provides a negative offset value, data can be written outside the bounds of the allocated buffer, potentially leading to unintended consequences. The vulnerability is triggered when the 'vfs objects = streams_xattr' parameter is set in the ksmbd.conf configuration file. It has been resolved in the latest Linux kernel updates.
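The bug class described above, shown as an added user-space model of the check a defender would expect on this path; it is not ksmbd's code and not the upstream patch. The names stream_buf, stream_write_checked and STREAM_MAX are hypothetical, and the sample data is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STREAM_MAX 64  /* constructed cap on the stream buffer size */

/* Hypothetical stand-in for a named stream kept in a fixed-size buffer. */
struct stream_buf {
    unsigned char data[STREAM_MAX];
    size_t len;                      /* bytes currently valid */
};

/*
 * Write count bytes from src at the client-supplied offset pos.
 * pos is signed (as a file offset is), so a negative value must be
 * rejected before it reaches pointer arithmetic or a size_t conversion.
 * Returns the number of bytes written, or a negative errno value.
 */
long stream_write_checked(struct stream_buf *s, const void *src,
                          int64_t pos, size_t count)
{
    if (pos < 0)
        return -EINVAL;              /* would land before data[] */
    /* Subtraction form avoids overflow in pos + count. */
    if ((uint64_t)pos > STREAM_MAX || count > STREAM_MAX - (size_t)pos)
        return -EFBIG;               /* would run past data[] */
    if ((size_t)pos > s->len)        /* zero-fill any gap before pos */
        memset(s->data + s->len, 0, (size_t)pos - s->len);
    memcpy(s->data + pos, src, count);
    if ((size_t)pos + count > s->len)
        s->len = (size_t)pos + count;
    return (long)count;
}

int main(void)
{
    struct stream_buf s = { {0}, 0 };
    printf("offset 0:  %ld\n", stream_write_checked(&s, "abcd", 0, 4));
    printf("offset -1: %ld\n", stream_write_checked(&s, "X", -1, 1));
    return 0;
}
```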