What is the severity of CVE-2024-50283?

CVE-2024-50283 is considered to be of medium severity due to the potential for use-after-free vulnerabilities in the Linux kernel's ksmbd.

How do I fix CVE-2024-50283?

To fix CVE-2024-50283, update to a fixed version of the Linux kernel that addresses the issue, such as versions after the vulnerability was patched.

Which versions of the Linux kernel are affected by CVE-2024-50283?

CVE-2024-50283 affects multiple versions of the Linux kernel including those between 6.2 and 6.1.117, 6.7 and 6.11.8, as well as specific release candidates.

What component of the Linux kernel is impacted by CVE-2024-50283?

CVE-2024-50283 impacts the ksmbd component of the Linux kernel, specifically in the handling of smb3_preauth_hash_rsp.

What are the implications of not addressing CVE-2024-50283?

Failure to address CVE-2024-50283 could lead to security risks, potentially allowing attackers to exploit memory corruption vulnerabilities.

Vulnerability/
CVE-2024-50283

high

7.8

CWE

416

19/11/2024

19/12/2024

CVE-2024-50283: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

First published: Tue Nov 19 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	<6.1.117
Linux Kernel	>=6.2<6.6.61
Linux Kernel	>=6.7<6.11.8
Linux Kernel	=6.12-rc1
Linux Kernel	=6.12-rc2
Linux Kernel	=6.12-rc3
Linux Kernel	=6.12-rc4
Linux Kernel	=6.12-rc5
Linux Kernel	=6.12-rc6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50283?
CVE-2024-50283 is considered to be of medium severity due to the potential for use-after-free vulnerabilities in the Linux kernel's ksmbd.
How do I fix CVE-2024-50283?
To fix CVE-2024-50283, update to a fixed version of the Linux kernel that addresses the issue, such as versions after the vulnerability was patched.
Which versions of the Linux kernel are affected by CVE-2024-50283?
CVE-2024-50283 affects multiple versions of the Linux kernel including those between 6.2 and 6.1.117, 6.7 and 6.11.8, as well as specific release candidates.
What component of the Linux kernel is impacted by CVE-2024-50283?
CVE-2024-50283 impacts the ksmbd component of the Linux kernel, specifically in the handling of smb3_preauth_hash_rsp.
What are the implications of not addressing CVE-2024-50283?
Failure to address CVE-2024-50283 could lead to security risks, potentially allowing attackers to exploit memory corruption vulnerabilities.

agent/title
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
agent/remedy
agent/severity
agent/softwarecombine
agent/weakness
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.12-rc1
version/linux kernel/6.12-rc2
version/linux kernel/6.12-rc3
version/linux kernel/6.12-rc4
version/linux kernel/6.12-rc5
version/linux kernel/6.12-rc6

Frequently Asked Questions

What is the severity of CVE-2024-50283?
CVE-2024-50283 is considered to be of medium severity due to the potential for use-after-free vulnerabilities in the Linux kernel's ksmbd.
How do I fix CVE-2024-50283?
To fix CVE-2024-50283, update to a fixed version of the Linux kernel that addresses the issue, such as versions after the vulnerability was patched.
Which versions of the Linux kernel are affected by CVE-2024-50283?
CVE-2024-50283 affects multiple versions of the Linux kernel including those between 6.2 and 6.1.117, 6.7 and 6.11.8, as well as specific release candidates.
What component of the Linux kernel is impacted by CVE-2024-50283?
CVE-2024-50283 impacts the ksmbd component of the Linux kernel, specifically in the handling of smb3_preauth_hash_rsp.
What are the implications of not addressing CVE-2024-50283?
Failure to address CVE-2024-50283 could lead to security risks, potentially allowing attackers to exploit memory corruption vulnerabilities.

CVE-2024-50283: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50283?

How do I fix CVE-2024-50283?

Which versions of the Linux kernel are affected by CVE-2024-50283?

What component of the Linux kernel is impacted by CVE-2024-50283?

What are the implications of not addressing CVE-2024-50283?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-50283?

How do I fix CVE-2024-50283?

Which versions of the Linux kernel are affected by CVE-2024-50283?

What component of the Linux kernel is impacted by CVE-2024-50283?

What are the implications of not addressing CVE-2024-50283?