CVE-2024-50151: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50151 is a vulnerability in the Linux kernel's SMB client implementation that was discovered in 2024. The issue occurs when using encryption (either server-enforced or when using the 'seal' mount option) where the client squashes all compound request buffers for encryption into a single iov in smb2setnext_command(). The vulnerability was disclosed on November 7, 2024, affecting multiple versions of the Linux kernel from 5.0 through 6.11.6 (NVD).

The vulnerability is an out-of-bounds write issue in the SMB2ioctlinit() function. When processing SMB2IOCTL requests, the function allocates a small buffer (448 bytes) to hold the request in the first iov. If a user passes an input buffer greater than 328 bytes, smb2setnextcommand() writes beyond the end of rqst->iov[0].iov_base. This occurs specifically when encryption is enabled. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to out-of-bounds write operations in the kernel's memory space when processing SMB requests with encryption enabled. This could potentially result in privilege escalation, system crashes, or information disclosure on affected systems (NVD).

The vulnerability has been fixed in multiple Linux kernel versions through patches that add buffer size validation before processing SMB2IOCTL requests. The fix includes checking for potential buffer overflow conditions when encryption is required and returning an error if the total length would exceed MAXCIFSSMALLBUFFER_SIZE. Users should update to patched kernel versions (Kernel Patch).