U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-49996 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. Fix this problem and correctly subtract variable len. Member InodeType is present only when reparse buffer is large enough. Check for ReparseDataLength before accessing InodeType to prevent another invalid memory access. Major and minor rdev values are present also only when reparse buffer is large enough. Check for reparse buffer size before calling reparse_mkdev().


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d
https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd
https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9
https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919 Patch 
https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9 Patch 
https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07 Patch 
https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404 Patch 
https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601

Weakness Enumeration

CWE-ID CWE Name Source
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-49996
NVD Published Date:
10/21/2024
NVD Last Modified:
12/14/2024
Source:
kernel.org