CVE-2024-0565
Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
kernelRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat · RHOL-5.7-RHEL-8Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2024:1188https://access.redhat.com/errata/RHSA-2024:1404https://access.redhat.com/errata/RHSA-2024:1532https://access.redhat.com/errata/RHSA-2024:1533https://access.redhat.com/errata/RHSA-2024:1607https://access.redhat.com/errata/RHSA-2024:1614https://access.redhat.com/errata/RHSA-2024:2093https://access.redhat.com/errata/RHSA-2024:2394https://access.redhat.com/security/cve/CVE-2024-0565https://bugzilla.redhat.com/show_bug.cgi?id=2258518https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlhttps://security.netapp.com/advisory/ntap-20240223-0002/