- CVE-2024-26952
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.32
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.12
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8.3
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9.0 up to (excluding) 6.9
- Reference
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.32
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.12
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8.3
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.9
- Reference (Commit)
- ksmbd: fix potencial out-of-bounds when buffer offset is invalid
- Fixed by
- 6.6.32 (39bdc4197acf2ed13269167ccf093ee28cfa2a4e)
- 6.7.12 (2dcda336b6e80b72d58d30d40f2fad9724e5fe63)
- 6.8.3 (0c5541b4c980626fa3cab16ba1a451757778bbb5)
- 6.9 (c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da) (upstream)
- Will be introduced by
- 5.15 (e2f34481b24d)
- I Checked
- XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
- From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
- For 3.16.35, there is related post at lkml
- For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
- XXXX
[CVE Configuration Update Request] Update Suggestion - CVE-2024-26952 - Cvss3 : 7.8
https://www.linuxkernelcves.com/cves/CVE-2024-26952 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-26952.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-26952.json