In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix user-after-free from session log off
There is racy issue between smb2 session log off and smb2 session setup.
It will cause user-after-free from session log off.
This add session_lock when setting SMB2_SESSION_EXPIRED and referece
count to session struct not to free session while it is being used.
References
Configurations
Configuration 1 (hide)
|
History
08 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Oct 2024, 14:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/5511999e9615e4318e9142d23b29bd1597befc08 - Patch | |
References | () https://git.kernel.org/stable/c/7aa8804c0b67b3cb263a472d17f2cb50d7f1a930 - Patch | |
References | () https://git.kernel.org/stable/c/a9839c37fd813b432988f58a9d9dd59253d3eb2c - Patch | |
References | () https://git.kernel.org/stable/c/ee371898b53a9b9b51c02d22a8c31bfb86d45f0d - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
First Time |
Linux linux Kernel
Linux |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* |
|
CWE | CWE-416 |
29 Oct 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 01:15
Updated : 2024-11-08 16:15
NVD link : CVE-2024-50086
Mitre link : CVE-2024-50086
CVE.ORG link : CVE-2024-50086
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free