OOB Read in SMB Client due to Integer Underflow CVE-2024-0565
CVE-2024-0565 Published on January 15, 2024

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Integer underflow Vulnerability?

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.

CVE-2024-0565 has been classified to as an Integer underflow vulnerability or weakness.


Products Associated with CVE-2024-0565

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-0565 are published in these products:

Linux Kernel
 
Canonical Ubuntu Linux
 
NetApp Ontap Tools
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Rhev Hypervisor
 
Red Hat Rhel Eus
 
Red Hat Logging
 

Exploit Probability

EPSS
0.07%
Percentile
22.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.