CVE-2024-26936

Name	CVE-2024-26936
Description	In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used in smb2_allocate_rsp_buf(). This patch add simple buffer size validation to avoid potencial out-of-bounds in request buffer.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5680-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.218-1	vulnerable
	bullseye (security)	5.10.221-1	vulnerable
	bookworm	6.1.94-1	fixed
	bookworm (security)	6.1.99-1	fixed
	trixie	6.9.10-1	fixed
	sid	6.9.11-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
linux	source	bookworm	6.1.90-1		DSA-5680-1
linux	source	(unstable)	6.8.9-1

https://git.kernel.org/linus/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a (6.9-rc6)