PT-2024-26764 · Linux · Linux Kernel

Published: 2024-04-02 · Updated: 2026-05-26 · CVE-2024-35869

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37
Description: A potential use-after-free in the Linux kernel's SMB client, triggered when walking DFS referrals, mounting, and performing DFS failover. The fix ensures that all children of the parent session are refcounted, since they are needed across the entire DFS mount, and removes the dfs ses list.
Recommendations: Update to Linux kernel version 6.6.37 or later. As a temporary workaround, restrict access to the vulnerable SMB client functionality until the patch is applied.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-07414
CVE-2024-35869
ECHO-BF89-102F-2776
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2385-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2495-1
SUSE-SU-2024:2939-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu