7.8

CVE-2024-35867

smb: client: fix potential UAF in cifs_stats_proc_show()

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_stats_proc_show()

Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 4.20 < 5.10.237
LinuxLinux Kernel Version >= 5.11 < 5.15.181
LinuxLinux Kernel Version >= 5.16 < 6.1.85
LinuxLinux Kernel Version >= 6.2 < 6.6.26
LinuxLinux Kernel Version >= 6.7 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.openwall.com/lists/oss-security/2024/05/30/1
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/30/2
Mailing List
https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65
Patch
https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49
Patch
https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7
Patch
https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39
Patch
http://www.openwall.com/lists/oss-security/2024/05/29/2
Mailing List
https://git.kernel.org/stable/c/838ec01ea8d3deb5d123e8ed9022e8162dc3f503
Patch
https://git.kernel.org/stable/c/bb6570085826291dc392005f9fec16ea5da3c8ad
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Third Party Advisory
Mailing List