CVE-2024-0565

NameCVE-2024-0565
DescriptionAn out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3842-1, DSA-5681-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.237-1fixed
bookworm6.1.148-1fixed
bookworm (security)6.1.147-1fixed
trixie6.12.43-1fixed
trixie (security)6.12.41-1fixed
forky6.16.3-1fixed
sid6.16.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye5.10.216-1DSA-5681-1
linuxsourcebookworm6.1.69-1
linuxsource(unstable)6.6.8-1
linux-5.10sourcebuster5.10.216-1~deb10u1DLA-3842-1

Notes

https://git.kernel.org/linus/eec04ea119691e65227a97ce53c0da6b9b74b0b7 (6.7-rc6)
Search for package or bug name: Reporting problems