CVE-2024-50120

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Handle kstrdup failures for passwords

In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures.

If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7e8cffa4f85e6839335d75e6b47f918d90c1d194 < 35dbac8c328d6afe937cd45ecd41d209d0b9f8b8affected
LinuxLinuxc1eb537bf4560b3ad4df606c266c665624f3b502 < 35488799b0ab6e4327f82e1d9209a60805665b37affected
LinuxLinuxc1eb537bf4560b3ad4df606c266c665624f3b502 < 9a5dd61151399ad5a5d69aad28ab164734c1e3bcaffected
LinuxLinuxe78308a6dcab1e53b38b8dd952e69c515cd324d7affected
LinuxLinux2a0fc63f1f4fccfeb367d0c57b8a243cec60c26caffected
LinuxLinux6.6.24 < 6.6.59affected
LinuxLinux6.7.12 < 6.8affected
LinuxLinux6.8.3 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

References