CVE-2024-26592

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on struct tcp_transport in ksmbd_tcp_new_connection() function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa848c4f15ab6d5d405dbee7de5da71839b2bf35e < 999daf367b924fdf14e9d83e034ee0f86bc17ec6affected
LinuxLinuxa848c4f15ab6d5d405dbee7de5da71839b2bf35e < 380965e48e9c32ee4263c023e1d830ea7e462ed1affected
LinuxLinuxa848c4f15ab6d5d405dbee7de5da71839b2bf35e < 24290ba94cd0136e417283b0dbf8fcdabcf62111affected
LinuxLinuxa848c4f15ab6d5d405dbee7de5da71839b2bf35e < 69d54650b751532d1e1613a4fb433e591aeef126affected
LinuxLinuxa848c4f15ab6d5d405dbee7de5da71839b2bf35e < 38d20c62903d669693a1869aa68c4dd5674e2544affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.75 <= 6.1.*unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References