CVE-2024-49996 (GCVE-0-2024-49996)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-11 20:43
VLAI
Title
cifs: Fix buffer overflow when parsing NFS reparse points
Summary
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. Fix this problem and correctly subtract variable len. Member InodeType is present only when reparse buffer is large enough. Check for ReparseDataLength before accessing InodeType to prevent another invalid memory access. Major and minor rdev values are present also only when reparse buffer is large enough. Check for reparse buffer size before calling reparse_mkdev().
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 7b222d6cb87077faf56a687a72af1951cf78c8a9 (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 73b078e3314d4854fd8286f3ba65c860ddd3a3dd (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 01cdddde39b065074fd48f07027757783cbf5b7d (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < ec79e6170bcae8a6036a4b6960f5e7e59a785601 (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c6db81c550cea0c73bd72ef55f579991e0e4ba07 (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < 803b3a39cb096d8718c0aebc03fd19f11c7dc919 (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < c173d47b69f07cd7ca08efb4e458adbd4725d8e9 (git)
Affected: d5ecebc4900df7f6e8dff0717574668885110553 , < e2a8910af01653c1c268984855629d71fb81f404 (git)
Create a notification for this product.
Linux Linux Affected: 5.3
Unaffected: 0 , < 5.3 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.10.14 , ≤ 6.10.* (semver)
Unaffected: 6.11.3 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:30:36.265660Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:41.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:42:50.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/reparse.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7b222d6cb87077faf56a687a72af1951cf78c8a9",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "73b078e3314d4854fd8286f3ba65c860ddd3a3dd",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "01cdddde39b065074fd48f07027757783cbf5b7d",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "ec79e6170bcae8a6036a4b6960f5e7e59a785601",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "c6db81c550cea0c73bd72ef55f579991e0e4ba07",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "803b3a39cb096d8718c0aebc03fd19f11c7dc919",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "c173d47b69f07cd7ca08efb4e458adbd4725d8e9",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            },
            {
              "lessThan": "e2a8910af01653c1c268984855629d71fb81f404",
              "status": "affected",
              "version": "d5ecebc4900df7f6e8dff0717574668885110553",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/reparse.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:43:31.483Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07"
        },
        {
          "url": "https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919"
        },
        {
          "url": "https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404"
        }
      ],
      "title": "cifs: Fix buffer overflow when parsing NFS reparse points",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49996",
    "datePublished": "2024-10-21T18:02:37.046Z",
    "dateReserved": "2024-10-21T12:17:06.056Z",
    "dateUpdated": "2026-05-11T20:43:31.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-49996",
      "date": "2026-06-08",
      "epss": "0.0002",
      "percentile": "0.05695"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-49996\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T18:15:19.760\",\"lastModified\":\"2025-11-03T21:16:45.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncifs: Fix buffer overflow when parsing NFS reparse points\\n\\nReparseDataLength is sum of the InodeType size and DataBuffer size.\\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\\nReparseDataLength.\\n\\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\\nat position after the end of the buffer because it does not subtract\\nInodeType size from the length. Fix this problem and correctly subtract\\nvariable len.\\n\\nMember InodeType is present only when reparse buffer is large enough. Check\\nfor ReparseDataLength before accessing InodeType to prevent another invalid\\nmemory access.\\n\\nMajor and minor rdev values are present also only when reparse buffer is\\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige el desbordamiento de b\u00fafer al analizar los puntos de an\u00e1lisis de NFS ReparseDataLength es la suma del tama\u00f1o de InodeType y el tama\u00f1o de DataBuffer. Por lo tanto, para obtener el tama\u00f1o de DataBuffer, es necesario restar el tama\u00f1o de InodeType de ReparseDataLength. La funci\u00f3n cifs_strndup_from_utf16() est\u00e1 accediendo actualmente a buf-\u0026gt;DataBuffer en la posici\u00f3n despu\u00e9s del final del b\u00fafer porque no resta el tama\u00f1o de InodeType de la longitud. Solucione este problema y reste correctamente la variable len. El miembro InodeType solo est\u00e1 presente cuando el b\u00fafer de an\u00e1lisis es lo suficientemente grande. Verifique ReparseDataLength antes de acceder a InodeType para evitar otro acceso no v\u00e1lido a la memoria. Los valores rdev principales y secundarios tambi\u00e9n est\u00e1n presentes solo cuando el b\u00fafer de an\u00e1lisis es lo suficientemente grande. Verifique el tama\u00f1o del b\u00fafer de an\u00e1lisis antes de llamar a reparse_mkdev().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"6.6.55\",\"matchCriteriaId\":\"93FE9DDB-76BE-4920-9078-D8278AF553B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.14\",\"matchCriteriaId\":\"4C16BCE0-FFA0-4599-BE0A-1FD65101C021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.11.3\",\"matchCriteriaId\":\"54D9C704-D679-41A7-9C40-10A6B1E7FFE9\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49996\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T13:30:36.265660Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T13:30:39.403Z\"}}], \"cna\": {\"title\": \"cifs: Fix buffer overflow when parsing NFS reparse points\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"7b222d6cb87077faf56a687a72af1951cf78c8a9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"73b078e3314d4854fd8286f3ba65c860ddd3a3dd\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"01cdddde39b065074fd48f07027757783cbf5b7d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"ec79e6170bcae8a6036a4b6960f5e7e59a785601\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"c6db81c550cea0c73bd72ef55f579991e0e4ba07\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"803b3a39cb096d8718c0aebc03fd19f11c7dc919\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"c173d47b69f07cd7ca08efb4e458adbd4725d8e9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d5ecebc4900df7f6e8dff0717574668885110553\", \"lessThan\": \"e2a8910af01653c1c268984855629d71fb81f404\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/smb/client/reparse.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.3\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.3\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.287\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.231\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.174\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.120\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.55\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.14\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/smb/client/reparse.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/7b222d6cb87077faf56a687a72af1951cf78c8a9\"}, {\"url\": \"https://git.kernel.org/stable/c/73b078e3314d4854fd8286f3ba65c860ddd3a3dd\"}, {\"url\": \"https://git.kernel.org/stable/c/01cdddde39b065074fd48f07027757783cbf5b7d\"}, {\"url\": \"https://git.kernel.org/stable/c/ec79e6170bcae8a6036a4b6960f5e7e59a785601\"}, {\"url\": \"https://git.kernel.org/stable/c/c6db81c550cea0c73bd72ef55f579991e0e4ba07\"}, {\"url\": \"https://git.kernel.org/stable/c/803b3a39cb096d8718c0aebc03fd19f11c7dc919\"}, {\"url\": \"https://git.kernel.org/stable/c/c173d47b69f07cd7ca08efb4e458adbd4725d8e9\"}, {\"url\": \"https://git.kernel.org/stable/c/e2a8910af01653c1c268984855629d71fb81f404\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncifs: Fix buffer overflow when parsing NFS reparse points\\n\\nReparseDataLength is sum of the InodeType size and DataBuffer size.\\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\\nReparseDataLength.\\n\\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\\nat position after the end of the buffer because it does not subtract\\nInodeType size from the length. Fix this problem and correctly subtract\\nvariable len.\\n\\nMember InodeType is present only when reparse buffer is large enough. Check\\nfor ReparseDataLength before accessing InodeType to prevent another invalid\\nmemory access.\\n\\nMajor and minor rdev values are present also only when reparse buffer is\\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.287\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.231\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.174\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.120\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.55\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.14\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11.3\", \"versionStartIncluding\": \"5.3\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12\", \"versionStartIncluding\": \"5.3\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:43:17.347Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-49996\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:43:17.347Z\", \"dateReserved\": \"2024-10-21T12:17:06.056Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T18:02:37.046Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.