CVE-2024-26928

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_debug_files_proc_show()

Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < 8f8718afd446cd4ea3b62bacc3eec09f8aae85eeaffected
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < a140224bcf87eb98a87b67ff4c6826c57e47b704affected
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < 229042314602db62559ecacba127067c22ee7b88affected
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < a65f2b56334ba4dc30bd5ee9ce5b2691b973344daffected
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < 3402faf78b2516b0af1259baff50cc8453ef0bd1affected
LinuxLinuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e14075 < ca545b7f0823f19db0f1148d59bc5e1a56634502affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.10.237 <= 5.10.*unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.85 <= 6.1.*unaffected
LinuxLinux6.6.26 <= 6.6.*unaffected
LinuxLinux6.8.5 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References