CVE-2024-50283

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < cb645064e0811053c94e86677f2e58ed29359d62affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < f7557bbca40d4ca8bb1c6c940ac6c95078bd0827affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < c6cdc08c25a868a08068dfc319fa9fce982b8e7faffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 1b6ad475d4ed577d34e0157eb507be00c588bf5caffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < b8fc56fbca7482c1e5c0e3351c6ae78982e25adaaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References