PT-2024-26835 · Linux+6 · Linux Kernel+6

Published

2024-04-25

Updated

2026-05-26

CVE-2024-35999

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description A missing lock when picking a channel in the smb3 module of the Linux kernel has been identified. This issue was spotted by Coverity, which reported a data race condition due to the missing lock. The problem occurs when accessing the ses channel index without holding the channel lock.

Recommendations Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the smb3 module until a patch is available.

Exploit

Fix

DoS

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

AZL-59474

BDU:2025-03062

CVE-2024-35999

MGASA-2024-0263

MGASA-2024-0266

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-26835 · Linux+6 · Linux Kernel+6

CVE-2024-35999

Weakness Enumeration

Related Identifiers

Affected Products

References · 2761