CVE-2024-26828

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "name": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "name": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "name": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "name": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "name": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "name": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "name": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "name": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-191"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-26828", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2024-04-17T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.79", "versionStartIncluding": "4.18"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-08T19:16Z"}