CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*

History

21 Nov 2024, 21:13

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c - () https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c - Patch
References () https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada - () https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada - Patch
References () https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f - () https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f - Patch
References () https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827 - () https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827 - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
First Time Linux linux Kernel
Linux
CWE CWE-416
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

19 Nov 2024, 21:57

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige slab-use-after-free en smb3_preauth_hash_rsp. ksmbd_user_session_put debe llamarse bajo smb3_preauth_hash_rsp(). Esto evitará liberar la sesión antes de llamar a smb3_preauth_hash_rsp().

19 Nov 2024, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-19 02:16

Updated : 2024-11-21 21:13


NVD link : CVE-2024-50283

Mitre link : CVE-2024-50283

CVE.ORG link : CVE-2024-50283


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free