7.8

CVE-2024-50286

ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

There is a race condition between ksmbd_smb2_session_create and
ksmbd_expire_session. This patch add missing sessions_table_lock
while adding/deleting session from global session table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.1.117
LinuxLinux Kernel Version >= 6.2 < 6.6.61
LinuxLinux Kernel Version >= 6.7 < 6.11.8
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.181
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0a77715db22611df50b178374c51e2ba0d58866e
Patch
https://git.kernel.org/stable/c/e7a2ad2044377853cf8c59528dac808a08a99c72
Patch
https://git.kernel.org/stable/c/e923503a56b3385b64ae492e3225e4623f560c5b
Patch
https://git.kernel.org/stable/c/f56446ba5378d19e31040b548a14ee9a8f1500ea
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html