An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. — CVE-2024-22705

Zusammenfassung

Sicherheitshinweis CVE-2024-22705. An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an… Hersteller: Microsoft. Quelle: MSRC. Risiko: high. CVSS 7.8. Details…

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• .NET Denial of Service Vulnerability CVE-2024-20672
• .NET Framework Denial of Service Vulnerability CVE-2024-21312
• An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family) CVE-2023-6040
• Azure Storage Mover Remote Code Execution Vulnerability CVE-2024-20676
• Improper Handling of Missing Values in Wireshark CVE-2024-0208
• In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. CVE-2023-51042
• In the Linux kernel before 6.4.5 drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. CVE-2023-51043
• io_uring UAF Unix SCM garbage collection CVE-2022-2602
• It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted. CVE-2022-2586
• It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588
• It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free. CVE-2022-2585
• Kernel: aoe: improper reference count leads to use-after-free vulnerability CVE-2023-6270