CVE-2024-50283
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < cb645064e0811053c94e86677f2e58ed29359d62 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < f7557bbca40d4ca8bb1c6c940ac6c95078bd0827 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < c6cdc08c25a868a08068dfc319fa9fce982b8e7f | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 1b6ad475d4ed577d34e0157eb507be00c588bf5c | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < b8fc56fbca7482c1e5c0e3351c6ae78982e25ada | affected |
| Linux | Linux | 5.15 | affected |
| Linux | Linux | 0 < 5.15 | unaffected |
| Linux | Linux | 5.15.174 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.117 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.61 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.8 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/cb645064e0811053c94e86677f2e58ed29359d62
- https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827
- https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f
- https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c
- https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.