PT-2024-32163 · Linux+6 · Linux Kernel+6

Published

2024-08-22

·

Updated

2026-05-26

·

CVE-2024-46742

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52
Description A null pointer dereference issue has been resolved in the Linux kernel. The issue occurs when req op level equals SMB2 OPLOCK LEVEL LEASE and parse lease state() returns NULL, causing a null pointer dereference of lease ctx info in smb2 open(). The fix involves checking if lease ctx info is NULL. Additionally, redundant parentheses have been removed from parse durable handle context().
Recommendations Update to Linux kernel version 6.6.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the smb2 open() function until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-12968
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49421
BDU:2025-05914
CVE-2024-46742
DLA-4193-1
DSA-5907-1
ECHO-C640-0E23-B14F
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2181
OESA-2024-2182
OESA-2024-2183
OESA-2024-2218
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu