CVE-2024-50120
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Handle kstrdup failures for passwords
In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures.
If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7e8cffa4f85e6839335d75e6b47f918d90c1d194 < 35dbac8c328d6afe937cd45ecd41d209d0b9f8b8 | affected |
| Linux | Linux | c1eb537bf4560b3ad4df606c266c665624f3b502 < 35488799b0ab6e4327f82e1d9209a60805665b37 | affected |
| Linux | Linux | c1eb537bf4560b3ad4df606c266c665624f3b502 < 9a5dd61151399ad5a5d69aad28ab164734c1e3bc | affected |
| Linux | Linux | e78308a6dcab1e53b38b8dd952e69c515cd324d7 | affected |
| Linux | Linux | 2a0fc63f1f4fccfeb367d0c57b8a243cec60c26c | affected |
| Linux | Linux | 6.6.24 < 6.6.59 | affected |
| Linux | Linux | 6.7.12 < 6.8 | affected |
| Linux | Linux | 6.8.3 < 6.9 | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.6.59 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.6 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8
- https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37
- https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.