CVE-2024-50286

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Linux kernel's ksmbd server is affected by a slab-use-after-free issue in the ksmbd smb2 session create function, caused by a race condition between ksmbd smb2 session create and ksmbd expire session. This issue can be exploited to impact the confidentiality, integrity, and availability of protected information. Although the vulnerable versions are not explicitly stated, a patch has been released to resolve the issue by adding a missing sessions table lock when adding or deleting sessions from the global session table. An exploit for this issue could potentially allow an attacker to compromise the security of the system. #LinuxKernel #ksmbd #SlabUseAfterFree #RaceCondition #Exploit #LinuxSecurity

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-16040

ALT-PU-2024-17211

ALT-PU-2024-17891

ALT-PU-2025-12647

BDU:2025-00148

CVE-2024-50286

DLA-4008-1

DSA-5818-1

OESA-2024-2522

USN-7276-1

USN-7277-1

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2024-50286

Weakness Enumeration

Related Identifiers

Affected Products

References · 1170