CVE-2024-0565

MEDIUMMonitor

Published:Jan 15, 2024(2 years ago)

Modified:Nov 21, 2024

Adjacent Network

Vulnerability Description

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Attack Characteristics

ADJACENT_NETWORKHigh ComplexityLow PrivilegesUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
linux	linux_kernel	6.1.36 - 6.7	-
linux	linux_kernel	-	-
linux	linux_kernel	-

Timeline

Published
CVE disclosed publicly
Jan 15, 20242 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2024:1188
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:1532
https://access.redhat.com/errata/RHSA-2024:1533

CVSS Score

v3.1

6.8/ 10.0

MEDIUM

AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

At a Glance

Affected Products

References

linux / linux_kernel

https://access.redhat.com/errata/RHSA-2024:1607

https://access.redhat.com/errata/RHSA-2024:1614

https://access.redhat.com/errata/RHSA-2024:2093

https://access.redhat.com/errata/RHSA-2024:2394

https://access.redhat.com/security/cve/CVE-2024-0565Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258518Issue Tracking

https://www.spinics.net/lists/stable-commits/msg328851.htmlMailing List

https://access.redhat.com/errata/RHSA-2024:1188

https://access.redhat.com/errata/RHSA-2024:1404

https://access.redhat.com/errata/RHSA-2024:1532

https://access.redhat.com/errata/RHSA-2024:1533

https://access.redhat.com/errata/RHSA-2024:1607

https://access.redhat.com/errata/RHSA-2024:1614

https://access.redhat.com/errata/RHSA-2024:2093

https://access.redhat.com/errata/RHSA-2024:2394

https://access.redhat.com/security/cve/CVE-2024-0565Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258518Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://security.netapp.com/advisory/ntap-20240223-0002/

https://www.spinics.net/lists/stable-commits/msg328851.htmlMailing List

CVSS v3 Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability

Attack VectorAdjacent

Attack ComplexityHigh

Privileges RequiredLow

User InteractionRequired

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

Impact Analysis

ConfidentialityHigh

NoneLowHigh

IntegrityHigh

NoneLowHigh

AvailabilityHigh

NoneLowHigh

CVE-2024-0565

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description