CVE-2024-26828

MEDIUM

Linux Kernel < 6.1.79 - Integer Underflow

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

References (4)

[Patch] https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512

[Patch] https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204

[Patch] https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301

[Patch] https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-191

Status published

Products (5)

linux/Kernel 4.18.0 - 6.1.79linux

linux/Kernel 6.2.0 - 6.6.18linux

linux/Kernel 6.7.0 - 6.7.6linux

linux/linux_kernel 6.8 rc1 (4 CPE variants)

linux/linux_kernel 4.18 - 6.1.79

Published Apr 17, 2024

Tracked Since Feb 18, 2026