What is CVE-2024-26594?

CVE-2024-26594 is a vulnerability in Linux. Published 2024-02-23.

Is CVE-2024-26594 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linux

CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

EPSS: 0.784 (99.5th percentile) — read the EPSS interpretation.

Affected products

Linux — versions 0626e6641f6b467447c81dd7678a69c66f7746cf, 5.15, 0

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b
git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9
git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a
git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e
git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d

Frequently asked questions

What is CVE-2024-26594?: CVE-2024-26594 is a vulnerability in Linux. Published 2024-02-23.
Is CVE-2024-26594 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.