CVE-2024-26828

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26828
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26828.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26828
Downstream
Related
Published
2024-04-17T10:15:09Z
Modified
2025-08-09T19:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix underflow in parseserverinterfaces()

In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet while sizeof() is type sizet. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

References

Affected packages