CVE-2024-50283: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <6.1.117 | |
| Linux Kernel | >=6.2<6.6.61 | |
| Linux Kernel | >=6.7<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/cb645064e0811053c94e86677f2e58ed29359d62
- https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827
- https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f
- https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c
- https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50283
- https://nvd.nist.gov/vuln/detail/CVE-2024-50283
- https://launchpad.net/bugs/cve/CVE-2024-50283
- https://security-tracker.debian.org/tracker/CVE-2024-50283
- https://ubuntu.com/security/CVE-2024-50283
- https://git.kernel.org/linus/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada
Frequently Asked Questions
What is the severity of CVE-2024-50283?
CVE-2024-50283 is considered to be of medium severity due to the potential for use-after-free vulnerabilities in the Linux kernel's ksmbd.
How do I fix CVE-2024-50283?
To fix CVE-2024-50283, update to a fixed version of the Linux kernel that addresses the issue, such as versions after the vulnerability was patched.
Which versions of the Linux kernel are affected by CVE-2024-50283?
CVE-2024-50283 affects multiple versions of the Linux kernel including those between 6.2 and 6.1.117, 6.7 and 6.11.8, as well as specific release candidates.
What component of the Linux kernel is impacted by CVE-2024-50283?
CVE-2024-50283 impacts the ksmbd component of the Linux kernel, specifically in the handling of smb3_preauth_hash_rsp.
What are the implications of not addressing CVE-2024-50283?
Failure to address CVE-2024-50283 could lead to security risks, potentially allowing attackers to exploit memory corruption vulnerabilities.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/trending
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- collector/nvd-cve
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian