CVE-2024-49988

EPSS 0.04%
Published 21.10.2024 18:15:19
Last modified 28.10.2024 16:38:50
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: add refcnt to ksmbd_conn struct

When sending an oplock break request, opinfo->conn is used,
But freed ->conn can be used on multichannel.
This patch add a reference count to the ksmbd_conn struct
so that it can be freed when it is no longer used.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.6.55

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.14

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.109

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa

Patch

https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b

Patch

https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c

Patch

https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-49988

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49988

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49988

EUVD