CVE-2024-50283

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.119-1 Linux-6.1 versions prior to 6.1.119-1~deb11u1

Description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leaks. A specific issue involves a slab-use-after-free condition in the smb3 preauth hash rsp function within the ksmbd server, located in fs/smb/server/server.c. This occurs due to the ksmbd user session put function not being called under smb3 preauth hash rsp(), potentially freeing the session before it is used. The vulnerability in the handle ksmbd work() function within the CIFS/SMB3 server component of the Linux kernel is related to the reuse of previously freed memory. Exploitation of this issue could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations Upgrade your linux packages to version 6.1.119-1 or later. Upgrade your linux-6.1 packages to version 6.1.119-1~deb11u1 or later.