CVE-2024-0565

Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

Published: 1/15/2024 Last updated: 11/6/2025 Reserved: 1/15/2024

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.8	Medium	CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (61)

Product	Vendor	Version
		<= 1.0
Red Hat Enterprise Linux 7	Red Hat	12.2(53)SG11
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	< 6.2.9200.24216
Red Hat Enterprise Linux 8.8 Extended Update Support	Red Hat	10.5, 11.1, 11.5
Red Hat Enterprise Linux 9	Red Hat	12.2(52)SG
Red Hat Enterprise Linux 9	Red Hat	Cisco Meeting Server
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	12.2(54)SG
Red Hat Enterprise Linux 8	Red Hat	12.2(54)SG1
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Red Hat	12.2(53)SG4
Red Hat Enterprise Linux 7	Red Hat	17.10.1b
Red Hat Enterprise Linux 6	Red Hat	< 6.1.7601.25860
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Red Hat	17.7.1
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	15.6(3)M6a
Red Hat Enterprise Linux 9	Red Hat	17.6.7
Red Hat Enterprise Linux 9	Red Hat	15.6(3)M7
Red Hat Enterprise Linux 8.8 Extended Update Support	Red Hat	17.6.5a
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	15.6(3)M6
Red Hat Enterprise Linux 8	Red Hat	n/a
		n/a
Red Hat Enterprise Linux 7	Red Hat	9
Red Hat Enterprise Linux 8	Red Hat	12.2(53)SG3
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	Android-11
Red Hat Enterprise Linux 9	Red Hat	15.3(3)JPC
RHOL-5.7-RHEL-8	Red Hat	< 10.0.14393.4946
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	15.6(3)M6b
RHOL-5.7-RHEL-8	Red Hat	< 6.2.9200.24216
RHOL-5.7-RHEL-8	Red Hat	APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9379, QCA9886, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG5
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	17.7.1a
RHOL-5.7-RHEL-8	Red Hat	15.6(3)M8
RHOL-5.7-RHEL-8	Red Hat	< 1.0
RHOL-5.7-RHEL-8	Red Hat	17.7.1b
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG6
RHOL-5.7-RHEL-8	Red Hat	15.6(3)M9
RHOL-5.7-RHEL-8	Red Hat	<= 3.7.3
RHOL-5.7-RHEL-8	Red Hat	< 10.0.14393.4946
RHOL-5.7-RHEL-8	Red Hat	SMR Aug-2023 Release 1
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG7
RHOL-5.7-RHEL-8	Red Hat	17.7.2
RHOL-5.7-RHEL-8	Red Hat	< 6.3.9600.20919
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG8
RHOL-5.7-RHEL-8	Red Hat	15.1(3)SVJ2
RHOL-5.7-RHEL-8	Red Hat	<= 10.1.4
RHOL-5.7-RHEL-8	Red Hat	7
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG9
RHOL-5.7-RHEL-8	Red Hat	17.10.1
RHOL-5.7-RHEL-8	Red Hat	8
RHOL-5.7-RHEL-8	Red Hat	15.2(4)EC1
RHOL-5.7-RHEL-8	Red Hat	17.10.1a
RHOL-5.7-RHEL-8	Red Hat	AQT1000, AR8035, CSRB31024, FSM10056, MDM9150, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCS603, QCS605, QCS8155, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD835, SD845, SD855, SD865 5G, SD870, SDX24, SDX55, SDX55M, SDXR2 5G, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9380, WCD9385, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835
RHOL-5.7-RHEL-8	Red Hat	12.2(53)SG10
RHOL-5.7-RHEL-8	Red Hat	< 2.9.18
RHOL-5.7-RHEL-8	Red Hat	All versions
RHOL-5.7-RHEL-8	Red Hat	< 6.3.9600.20919
RHOL-5.7-RHEL-8	Red Hat	15.2(4)EC2
RHOL-5.7-RHEL-8	Red Hat	8.1

CVE-2024-0565

Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

Metrics

Opam packages affected (27)

Products affected (61)

References (48)