CVE-2024-26594: 
CBL Mariner vulnerability analysis and mitigation

CVE-2024-26594 is a vulnerability in the Linux kernel's ksmbd component that was discovered and disclosed on February 23, 2024. The vulnerability specifically affects the validation of mech tokens in session setup requests. When a client sends an invalid mech token during session setup, the ksmbd component failed to properly validate it, potentially leading to security issues. This vulnerability affects multiple versions of the Linux kernel, including versions up to 5.15.149, versions from 5.16.0 to 6.1.75, versions from 6.2.0 to 6.6.14, and versions from 6.7.0 to 6.7.2 (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 Base Score of 7.1 (HIGH), and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The technical issue stems from improper validation of user-supplied data in the SMB2 Mech Tokens handling, which could result in a read past the end of an allocated buffer. The vulnerability specifically affects systems with ksmbd enabled (ZDI).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of the Linux kernel. While authentication is not required to exploit this vulnerability, only systems with ksmbd enabled are vulnerable. An attacker could potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel (ZDI).

The vulnerability has been patched in the Linux kernel. Multiple fixes have been released across different kernel versions, including version 5.15.0-106.116 for Ubuntu 22.04 LTS and version 6.5.0-41.41 for Ubuntu 23.10. The fix involves proper validation of mech tokens in session setup requests (Kernel Patch).