CVE-2024-50286

ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

CVSS 7.8 HIGHEPSS 0.3%CWE-416

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Nov 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session table.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://git.kernel.org/stable/c/0a77715db22611df50b178374c51e2ba0d58866e https://git.kernel.org/stable/c/e7a2ad2044377853cf8c59528dac808a08a99c72 https://git.kernel.org/stable/c/e923503a56b3385b64ae492e3225e4623f560c5b https://git.kernel.org/stable/c/f56446ba5378d19e31040b548a14ee9a8f1500ea https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html