CVE-2024-50285: ksmbd: check outstanding simultaneous SMB operations
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <6.6.61 | |
| Linux Kernel | >=6.7<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | <=6.1.123-1<=6.1.128-1 | 5.10.223-1 5.10.226-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1f993777275cbd8f74765c4f9d9285cb907c9be5
- https://git.kernel.org/stable/c/e257ac6fe138623cf59fca8898abdf659dbc8356
- https://git.kernel.org/stable/c/0a77d947f599b1f39065015bec99390d0c0022ee
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50285
- https://nvd.nist.gov/vuln/detail/CVE-2024-50285
- https://launchpad.net/bugs/cve/CVE-2024-50285
- https://security-tracker.debian.org/tracker/CVE-2024-50285
- https://ubuntu.com/security/CVE-2024-50285
- https://git.kernel.org/linus/0a77d947f599b1f39065015bec99390d0c0022ee
Frequently Asked Questions
What is the severity of CVE-2024-50285?
CVE-2024-50285 has a high severity rating due to its potential to cause out-of-memory (OOM) issues by exhausting memory with simultaneous SMB operations.
How do I fix CVE-2024-50285?
To fix CVE-2024-50285, update to the latest version of the Linux Kernel that addresses this vulnerability.
Which versions of the Linux Kernel are affected by CVE-2024-50285?
CVE-2024-50285 affects Linux Kernel versions up to 6.6.61, between 6.7 and 6.11.8, and specific release candidates from 6.12.
What systems are at risk for CVE-2024-50285?
Systems running affected versions of the Linux Kernel with ksmbd enabled are at risk for CVE-2024-50285.
What impact does CVE-2024-50285 have on smb operations?
CVE-2024-50285 can lead to excessive memory consumption during simultaneous SMB operations, potentially resulting in service disruption.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian