CVE-2024-46686

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()

This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxedf38e9f4269591d26b3783c0b348c9345580c3c < 6df57c63c200cd05e085c3b695128260e21959b7affected
LinuxLinuxa6559cc1d35d3eeafb0296aca347b2f745a28a74 < a01859dd6aebf826576513850a3b05992809e9d2affected
LinuxLinuxa6559cc1d35d3eeafb0296aca347b2f745a28a74 < b902fb78ab21299e4dd1775e7e8d251d5c0735bcaffected
LinuxLinuxa6559cc1d35d3eeafb0296aca347b2f745a28a74 < c724b2ab6a46435b4e7d58ad2fbbdb7a318823cfaffected
LinuxLinux74ab77137c99438626f4eb8134d8e26204bb5b64affected
LinuxLinux6.1.16 < 6.1.108affected
LinuxLinux6.2.3 < 6.3affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.1.108 <= 6.1.*unaffected
LinuxLinux6.6.49 <= 6.6.*unaffected
LinuxLinux6.10.8 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References