CVE-2024-56627
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-56627 is a newly identified vulnerability in the ksmbd component of the Linux kernel. When the offset value in a client request is negative, the function ksmbd_vfs_stream_read performs an out-of-bounds read from stream_buf. The vulnerability is significant because it can be triggered when the 'vfs objects = streams_xattr' parameter is set in the ksmbd.conf file. This weakness could allow an attacker to read sensitive data beyond the intended buffer boundaries. The affected Linux kernel versions have been patched to resolve this issue.
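The missing lower-bound check described above, shown as an added example in user-space C. It is a simplified model written for this page, not the ksmbd source; the function names, signatures and sample buffer are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simplified user-space model (assumption), not the ksmbd source.
 * pos is signed, like a file offset taken from a client request. */

/* Unsafe shape: only the upper bound is tested, so a negative pos
 * passes and the copy starts before stream_buf. */
ssize_t stream_read_unchecked(const char *stream_buf, ssize_t v_len,
                              long long pos, char *out, size_t count)
{
    if (v_len <= pos)
        return -ENOENT;
    if ((size_t)(v_len - pos) < count)
        count = (size_t)(v_len - pos);
    memcpy(out, &stream_buf[pos], count);
    return (ssize_t)count;
}

/* Hardened shape: reject a negative offset before any arithmetic,
 * then clamp count to the bytes that remain after pos. */
ssize_t stream_read_checked(const char *stream_buf, ssize_t v_len,
                            long long pos, char *out, size_t count)
{
    size_t avail;

    if (pos < 0)
        return -EINVAL;
    if (v_len <= 0 || pos >= v_len)
        return -ENOENT;
    avail = (size_t)(v_len - pos);
    if (count > avail)
        count = avail;
    memcpy(out, stream_buf + pos, count);
    return (ssize_t)count;
}

int main(void)
{
    const char stream[] = "streamdata";   /* constructed sample, 10 bytes */
    char out[16];

    /* Only the checked variant is given the negative offset. */
    printf("pos=-4 -> %zd\n", stream_read_checked(stream, 10, -4, out, 4));
    printf("pos=6  -> %zd\n", stream_read_checked(stream, 10, 6, out, 8));
    return 0;
}
```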