CVE-2024-42307

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path

Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895)

The patch which introduced the serverclose workqueue used the wrong oredering in error paths in init_cifs() for freeing it on errors.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8c99dfb49bdc17edffc7ff3d46b400c8c291686c < 6018971710fdc7739f8655c1540832b4bb903671affected
LinuxLinux6f17163b9339fac92023a1d9bef22128db3b9a4b < 160235efb4f9b55212dedff5de0094c606c4b303affected
LinuxLinux173217bd73365867378b5e75a86f0049e1069ee8 < 3739d711246d8fbc95ff73dbdace9741cdce4777affected
LinuxLinux173217bd73365867378b5e75a86f0049e1069ee8 < 193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2affected
LinuxLinux40a5d14c9d3b585d55d3209fb5efe202dcaac926affected
LinuxLinux6.1.85 < 6.1.103affected
LinuxLinux6.6.26 < 6.6.44affected
LinuxLinux6.8.5 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References