Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-26601

Published: 26/02/2024 Updated: 17/04/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux Kernel

Vulnerability Summary

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts() function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). (CVE-2023-52434) A vulnerability exists in the Linux kernel's IPv4 networking stack. Under certain conditions, MPTCP and NetLabel can be configured in a way that triggers a double free memory error in net/ipv4/af_inet.c:inet_sock_destruct(). This may lead to a system crash, denial of service, or potential arbitrary code execution. (CVE-2024-1627) In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundantmb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based oncode in mb_free_blocks(), fast commit replay can end up marking as freeblocks that are already marked as such. This causes corruption of thebuddy bitmap so we need to regenerate it in that case. (CVE-2024-26601)

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Amazon Linux 2: ALASKERNEL-5.10-2024-052
A flaw was found in the smb client in the Linux kernel A potential out-of-bounds error was seen in the smb2_parse_contexts() function Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts() (CVE-2023-52434) A vulnerability was discovered in the Linux kernel's IPv4 networking stack Under certain conditions, MPT ...
Amazon Linux 2: ALASKERNEL-5.15-2024-040
A flaw was found in the smb client in the Linux kernel A potential out-of-bounds error was seen in the smb2_parse_contexts() function Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts() (CVE-2023-52434) A vulnerability was discovered in the Linux kernel's IPv4 networking stack Under certain conditions, MPT ...
Red Hat:
Description<!---->This CVE is under investigation by Red Hat Product Security ...

References

NVD-CWE-noinfohttps://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cbhttps://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4ehttps://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51ahttps://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-052.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook