PT-2024-6855 · Microsoft+3 · Windows Server 2022+3

Paulo Alcantara +1 · Published 2024-09-03 · Updated 2026-02-21 · CVE-2024-46796

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52

Description
The vulnerability is a use-after-free issue in the smb2_set_path_size() function. When smb2_compound_op() is called with a valid @cfile and returns -EINVAL, the reference to @cfile is dropped, but the function may retry the operation without calling cifs_get_writable_path() first. This can lead to a slab-use-after-free error, as seen in the KASAN splat when running fstests generic/013 against Windows Server 2022.

Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the smb2_set_path_size() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.

Note: The provided information does not specify the exact vulnerable versions, but it mentions that the issue is fixed in Linux kernel version 6.6.52. Therefore, it is assumed that versions prior to 6.6.52 are vulnerable.
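
The reference-count imbalance in the description, as a userspace model added here for illustration (it is not the kernel's code or the upstream patch). All names are hypothetical stand-ins for the functions named above, and the model assumes the open handle holds one reference of its own until it is closed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins, not kernel code.
 * released marks where the kernel would free the object; stale_uses
 * counts accesses after that point (what KASAN reports). */
struct file_ref { int count; bool released; int stale_uses; };

static void touch(struct file_ref *f) { if (f->released) f->stale_uses++; }

static void put_ref(struct file_ref *f)
{
    touch(f);
    if (f->count > 0 && --f->count == 0)
        f->released = true;   /* memory is kept so the model itself is safe */
}

/* Stand-in for cifs_get_writable_path(): hands the caller a new reference. */
static struct file_ref *get_ref(struct file_ref *f) { touch(f); f->count++; return f; }

/* Stand-in for smb2_compound_op(): consumes the caller's reference on every
 * return path; the first attempt fails with -EINVAL. */
static int compound_op(struct file_ref *cfile, int attempt)
{
    put_ref(cfile);
    return attempt == 0 ? -EINVAL : 0;
}

static int set_path_size(struct file_ref *f, bool reacquire_before_retry)
{
    struct file_ref *cfile = get_ref(f);
    int rc = compound_op(cfile, 0);
    if (rc == -EINVAL) {
        if (reacquire_before_retry)
            cfile = get_ref(f);      /* fixed: the retry owns a reference again */
        rc = compound_op(cfile, 1);  /* buggy: drops a reference it never took */
    }
    return rc;
}

/* Returns the number of accesses made after release. Model assumption:
 * the open handle holds one reference, dropped when the owner closes it. */
int run_scenario(bool reacquire_before_retry)
{
    struct file_ref f = { .count = 1 };
    (void)set_path_size(&f, reacquire_before_retry);
    put_ref(&f);                     /* owner closes its handle */
    return f.stale_uses;
}

int main(void) { printf("retry without get: %d, with get: %d\n", run_scenario(false), run_scenario(true)); return 0; }
```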

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-12968
ALT-PU-2024-13260
BDU:2024-08076
CVE-2024-46796
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2219
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1

Affected Products

Alt Linux
Red Os
Suse
Windows Server 2022