CVE-2024-0565 MEDIUM

CVE-2024-0565: Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-191
Published January 15, 2024
Last update November 6, 2025

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Key dates

02 Disclosure timeline

January 15, 2024 CVE published
November 6, 2025 Record updated