Vulnerability Details : CVE-2024-0565
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2024-0565
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-0565
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~16% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2024-0565
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.5 | 5.9 | NIST | 2024-02-05 |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 2024-01-23 |
6.8 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.9 | 5.9 | Red Hat, Inc. | 2024-01-18 |
7.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.2 | 5.9 | Red Hat, Inc. | 2024-01-15 |
CWE ids for CVE-2024-0565
- The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2024-0565
- https://security.netapp.com/advisory/ntap-20240223-0002/ ("CVE-2024-0565 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security"), Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:1532 ("RHSA-2024:1532 - Security Advisory - Red Hat Customer Portal")
- https://access.redhat.com/errata/RHSA-2024:1533 ("RHSA-2024:1533 - Security Advisory - Red Hat Customer Portal")
- https://access.redhat.com/errata/RHSA-2024:1614 ("RHSA-2024:1614 - Security Advisory - Red Hat Customer Portal")
- https://access.redhat.com/errata/RHSA-2024:1607 ("RHSA-2024:1607 - Security Advisory - Red Hat Customer Portal")
- https://bugzilla.redhat.com/show_bug.cgi?id=2258518 ("2258518 – (CVE-2024-0565) CVE-2024-0565 kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability"), Issue Tracking; Patch; Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:2394 ("RHSA-2024:2394 - Security Advisory - Red Hat Customer Portal")
- https://www.spinics.net/lists/stable-commits/msg328851.html ("Patch \"smb: client: fix OOB in receive_encrypted_standard()\" has been added to the 6.6-stable tree - Linux Stable Commits"), Mailing List; Patch
- https://access.redhat.com/security/cve/CVE-2024-0565 ("CVE-2024-0565 - Red Hat Customer Portal"), Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:1188 ("RHSA-2024:1188 - Security Advisory - Red Hat Customer Portal")
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html ("[SECURITY] [DLA 3842-1] linux-5.10 security update")
- https://access.redhat.com/errata/RHSA-2024:2093 ("RHSA-2024:2093 - Security Advisory - Red Hat Customer Portal")
- https://access.redhat.com/errata/RHSA-2024:1404 ("RHSA-2024:1404 - Security Advisory - Red Hat Customer Portal")