PT-2024-32159 · Linux+2 · Linux Kernel+2
Published: 2024-09-03 · Updated: 2025-06-12
CVE-2024-46736
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52
Description
The issue is related to a double put of @cfile in smb2_rename_path(). When smb2_set_path_attr() is called with a valid @cfile and returns -EINVAL, it is necessary to call cifs_get_writable_path() again because the reference of @cfile was already dropped by the previous smb2_compound_op() call.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider restricting the use of the smb2_rename_path() function until a patch is available. Additionally, avoid using the smb2_set_path_attr() function with a valid @cfile that may return -EINVAL, as this can cause the reference of @cfile to be dropped prematurely.
Exploit
Fix
Improper Resource Release
Double Free
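The reference imbalance from the Description, reduced to a user-space C model. This is an added illustration, not kernel code or the upstream patch. All names (file_ref, get_writable, set_path_attr, rename_buggy, rename_fixed) are hypothetical stand-ins, and the callee is assumed to drop the caller's reference on every call, as the Description states.

```c
#include <errno.h>
#include <stdio.h>
/* User-space model only: every name here is a hypothetical stand-in. */
struct file_ref { int count; };   /* references currently held */
static struct file_ref *get_writable(struct file_ref *f) { f->count++; return f; }

/* Callee: drops the caller's reference on every call, even on failure.
 * The first attempt fails with -EINVAL to force the caller's retry path. */
static int set_path_attr(struct file_ref *cfile, int *attempt)
{
    cfile->count--;
    return ((*attempt)++ == 0) ? -EINVAL : 0;
}

/* Unfixed pattern: the retry reuses a pointer whose reference is gone. */
static int rename_buggy(struct file_ref *f)
{
    int attempt = 0;
    struct file_ref *cfile = get_writable(f);
    int rc = set_path_attr(cfile, &attempt);
    if (rc == -EINVAL)
        rc = set_path_attr(cfile, &attempt);   /* second put for one get */
    return rc;
}

/* Fixed pattern: take a fresh reference before retrying. */
static int rename_fixed(struct file_ref *f)
{
    int attempt = 0;
    struct file_ref *cfile = get_writable(f);
    int rc = set_path_attr(cfile, &attempt);
    if (rc == -EINVAL) {
        cfile = get_writable(f);
        rc = set_path_attr(cfile, &attempt);
    }
    return rc;
}

/* Another holder owns one reference; return how many remain afterwards. */
static int refs_after_rename(int (*rename_fn)(struct file_ref *))
{
    struct file_ref f = { .count = 1 };
    rename_fn(&f);
    return f.count;
}

int main(void)
{
    printf("%d %d\n", refs_after_rename(rename_buggy), refs_after_rename(rename_fixed));
    return 0;
}
```

In the unfixed pattern the count reaches zero while the other holder still expects its reference to be valid, which is the condition the Double Free classification describes.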
Related Identifiers
Affected Products
Linux Kernel
Red Os
Suse