7.8
CVE-2024-26928
- EPSS 0.28%
- Veröffentlicht 28.04.2024 12:15:21
- Zuletzt bearbeitet 01.12.2025 15:16:20
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb: client: fix potential UAF in cifs_debug_files_proc_show()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version11.0
Linux ≫ Linux Kernel Version >= 4.20 < 5.10.237
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.180
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.85
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.26
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.5
Linux ≫ Linux Kernel Version6.9 Updaterc1
Linux ≫ Linux Kernel Version6.9 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.191 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88
https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1
https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d
https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502
https://git.kernel.org/stable/c/a140224bcf87eb98a87b67ff4c6826c57e47b704
https://git.kernel.org/stable/c/8f8718afd446cd4ea3b62bacc3eec09f8aae85ee
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html