PT-2024-35625 · Linux+5 · Linux Kernel+5
Jay Shin · Published 2024-11-17 · Updated 2026-05-26 · CVE-2024-53179
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue has been reported in the Linux kernel, specifically in the SMB client, when using SMB2.1 + sign mounts. This occurs due to a race condition between tasks A and B, where cifs_mount() and cifs_send_recv() are executed concurrently, leading to the use-after-free of the @ses->auth_key.response key. The issue is resolved by ensuring that a valid @ses->auth_key.response is available by checking the @ses->ses_status with @ses->ses_lock held.
Recommendations
To resolve this issue, ensure that the Linux kernel is updated to a version that includes the fix for the use-after-free issue in the SMB client. As a temporary workaround, consider restricting access to the SMB client until a patch is available. Additionally, ensure that the @ses->ses_status is checked with @ses->ses_lock held to prevent the use-after-free of the @ses->auth_key.response key.
Exploit
Fix
Double Free
Use After Free
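The locking rule from the Description and Recommendations above, shown as an added userspace C model; it is not the kernel patch and not code from this advisory. The names `model_ses`, `ST_GOOD`, `ST_INVALID`, `ses_new`, `ses_invalidate` and `ses_get_sign_key` are hypothetical, and an `atomic_flag` stands in for the kernel spinlock.

```c
/* Added example: userspace model of the locking rule, not kernel code. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16
enum model_status { ST_GOOD, ST_INVALID };   /* hypothetical states */

struct model_ses {
    atomic_flag ses_lock;            /* stands in for the spinlock */
    enum model_status ses_status;    /* guarded by ses_lock */
    uint8_t *auth_key_response;      /* guarded by ses_lock, freed on invalidate */
};

static void lock_ses(struct model_ses *s) { while (atomic_flag_test_and_set(&s->ses_lock)) ; }
static void unlock_ses(struct model_ses *s) { atomic_flag_clear(&s->ses_lock); }

struct model_ses *ses_new(const uint8_t *key) {
    struct model_ses *s = calloc(1, sizeof(*s));
    if (!s || !(s->auth_key_response = malloc(KEY_LEN))) { free(s); return NULL; }
    memcpy(s->auth_key_response, key, KEY_LEN);
    atomic_flag_clear(&s->ses_lock);
    s->ses_status = ST_GOOD;
    return s;
}

/* Task A side: status change and free happen in one critical section. */
void ses_invalidate(struct model_ses *s) {
    lock_ses(s);
    s->ses_status = ST_INVALID;
    free(s->auth_key_response);
    s->auth_key_response = NULL;
    unlock_ses(s);
}

/* Task B side: check status under the lock, then copy the key out so the
 * signer never touches the shared pointer after unlocking.
 * Returns 0 and fills out[] on success, -1 if the session is not usable. */
int ses_get_sign_key(struct model_ses *s, uint8_t *out) {
    int rc = -1;
    lock_ses(s);
    if (s->ses_status == ST_GOOD && s->auth_key_response) {
        memcpy(out, s->auth_key_response, KEY_LEN);
        rc = 0;
    }
    unlock_ses(s);
    return rc;
}
```

A signer that reads `auth_key_response` without taking `ses_lock` first could observe the pointer between the status change and the free, which is the window the advisory describes.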
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu