{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-26954","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.200Z","datePublished":"2024-05-01T05:18:47.428Z","dateUpdated":"2025-11-03T21:54:08.613Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-09-11T12:10:13.767Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2misc.c"],"versions":[{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"d70c2e0904ab3715c5673fd45788a464a246d1db","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"3b8da67191e938a63d2736dabb4ac5d337e5de57","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"4f97e6a9d62cb1fce82fbf4baff44b83221bc178","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"a80a486d72e20bd12c335bcd38b6e6f19356b0aa","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2misc.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"6.1.119","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.32","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.12","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.3","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.32"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.7.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.8.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d70c2e0904ab3715c5673fd45788a464a246d1db"},{"url":"https://git.kernel.org/stable/c/9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72"},{"url":"https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57"},{"url":"https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178"},{"url":"https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa"}],"title":"ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:54:08.613Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26954","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:45:29.977526Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:48.598Z"}}]}}