{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T09:47:35.706","vulnerabilities":[{"cve":{"id":"CVE-2024-26954","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-01T06:15:11.583","lastModified":"2025-11-03T22:16:48.297","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req()."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige slab-out-of-bounds en smb_strndup_from_utf16() Si ->NameOffset de smb2_create_req es menor que el desplazamiento del búfer de smb2_create_req, puede ocurrir una lectura de slab-out-of-bounds de smb2_open. Este parche establece el valor mínimo del desplazamiento del nombre en el desplazamiento del búfer para validar la longitud del nombre de smb2_create_req()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.119","matchCriteriaId":"69A527B2-C28B-4593-81B7-201482E0B302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.7.12","matchCriteriaId":"F8CE2F9B-E7C2-414E-949B-C109CFC27FBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.3","matchCriteriaId":"4C59BBC3-6495-4A77-9C82-55EC7CDF5E02"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/d70c2e0904ab3715c5673fd45788a464a246d1db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}