{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T14:46:38.562","vulnerabilities":[{"cve":{"id":"CVE-2024-49996","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-10-21T18:15:19.760","lastModified":"2025-11-03T21:16:45.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType's size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev()."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige el desbordamiento de búfer al analizar los puntos de análisis de NFS ReparseDataLength es la suma del tamaño de InodeType y el tamaño de DataBuffer. Por lo tanto, para obtener el tamaño de DataBuffer, es necesario restar el tamaño de InodeType de ReparseDataLength. La función cifs_strndup_from_utf16() está accediendo actualmente a buf->DataBuffer en la posición después del final del búfer porque no resta el tamaño de InodeType de la longitud. Solucione este problema y reste correctamente la variable len. El miembro InodeType solo está presente cuando el búfer de análisis es lo suficientemente grande. Verifique ReparseDataLength antes de acceder a InodeType para evitar otro acceso no válido a la memoria. Los valores rdev principales y secundarios también están presentes solo cuando el búfer de análisis es lo suficientemente grande. Verifique el tamaño del búfer de análisis antes de llamar a reparse_mkdev()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.55","matchCriteriaId":"93FE9DDB-76BE-4920-9078-D8278AF553B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.14","matchCriteriaId":"4C16BCE0-FFA0-4599-BE0A-1FD65101C021"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.11.3","matchCriteriaId":"54D9C704-D679-41A7-9C40-10A6B1E7FFE9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}