**Name of the Vulnerable Software and Affected Versions:**

Linux kernel (affected versions not specified)

**Description:**

A use-after-free condition exists in the SMB client within the Linux kernel's `crypt message()` function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 removed asynchronous crypto handling, assuming all crypto operations were synchronous. However, hardware crypto accelerators can still trigger asynchronous operations, leading to the premature freeing of the request buffer while the operation is still in progress. Subsequently, accessing this freed memory results in kernel crashes due to NULL pointer dereferences. The issue arises because `crypto alloc aead()` with a mask of 0 does not guarantee synchronous operation, and asynchronous implementations can be selected even without `CRYPTO ALG ASYNC` in the mask.

**Recommendations:**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.