PT-2024-29856 · Linux+6 · Linux Kernel+6

Dan Carpenter

Published

2024-07-23

Updated

2025-09-29

CVE-2024-42307

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to a null pointer use in the destroy workqueue function within the init cifs error path in the Linux kernel's cifs component. This could potentially allow an attacker to cause a denial of service. The problem was identified by a Smack static checker warning in the fs/smb/client/cifsfs.c file, specifically at line 1981 in the init cifs function, where it was assumed that 'serverclose wq' could be null.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the cifs component until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11855

ALT-PU-2024-11863

ALT-PU-2024-13121

BDU:2025-01422

CVE-2024-42307

DLA-4008-1

MGASA-2024-0309

MGASA-2024-0310

OESA-2024-2124

OPENSUSE-SU-2025_01620-1

OPENSUSE-SU-2025_01640-1

OPENSUSE-SU-2025_1177-1

OPENSUSE-SU-2025_1178-1

OPENSUSE-SU-2025_1180-1

SUSE-SU-2025:01620-1

SUSE-SU-2025:01640-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

SUSE-SU-2025:20190-1

SUSE-SU-2025:20192-1

SUSE-SU-2025:20260-1

SUSE-SU-2025:20270-1

SUSE-SU-2025_01620-1

SUSE-SU-2025_1177-1

SUSE-SU-2025_1178-1

SUSE-SU-2025_1180-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-29856 · Linux+6 · Linux Kernel+6

CVE-2024-42307

Weakness Enumeration

Related Identifiers

Affected Products

References · 2004