CVE-2024-26828

{"id": "CVE-2024-26828", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.5}]}, "published": "2024-04-17T10:15:09.300", "references": [{"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: corrige el desbordamiento insuficiente en parse_server_interfaces() En este bucle, recorremos el b\u00fafer y despu\u00e9s de cada elemento comprobamos si size_left es mayor que el tama\u00f1o m\u00ednimo que necesitamos. Sin embargo, el problema es que \"bytes_left\" es del tipo ssize_t mientras que sizeof() es del tipo size_t. Eso significa que debido a la promoci\u00f3n de tipo, la comparaci\u00f3n se realiza sin firmar y si nos quedan bytes negativos, el ciclo contin\u00faa en lugar de finalizar."}], "lastModified": "2025-04-08T19:16:26.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A31488-A7BB-4D16-B4B7-141095C7A9A4", "versionEndExcluding": "6.1.79", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}