PT-2025-3650 · Linux+5 · Linux Kernel+5
Published: 2024-12-23 · Updated: 2025-10-03
CVE-2024-57925
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A missing return value check bug in the ksmbd module has been resolved. The issue occurs in the smb2_send_interim_resp() function when ksmbd_alloc_work_struct() fails to allocate a node, returning a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. The fix incorporates a check for the return value of ksmbd_alloc_work_struct(), ensuring the function returns immediately upon allocation failure, preventing the illegal memory access.
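The missing check and its fix, modelled in user space as an added example (not ksmbd source and not part of the original advisory). `alloc_work()`, `alloc_rsp_buf()`, `fail_next_alloc` and the `int` return codes are assumptions standing in for ksmbd_alloc_work_struct(), allocate_interim_rsp_buf(), an allocation failure and the function's early return.

```c
/* User-space model of the bug class; not ksmbd source. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct work { void *response_buf; };   /* stand-in for the kernel's work struct */
static int fail_next_alloc;            /* constructed fault-injection switch */

/* Stand-in for ksmbd_alloc_work_struct(): returns NULL when allocation fails. */
static struct work *alloc_work(void)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return calloc(1, sizeof(struct work));
}

/* Stand-in for allocate_interim_rsp_buf(): stores a buffer through the pointer. */
static int alloc_rsp_buf(struct work *w)
{
    w->response_buf = calloc(1, 64);   /* with w == NULL this is the illegal write */
    return w->response_buf ? 0 : -ENOMEM;
}

static void free_work(struct work *w) { free(w->response_buf); free(w); }

/* Pre-fix shape: the allocator's return value is never checked. */
int send_interim_resp_unchecked(void)
{
    struct work *in_work = alloc_work();
    int rc = alloc_rsp_buf(in_work);   /* faults if in_work is NULL */
    free_work(in_work);
    return rc;
}

/* Fixed shape: return immediately when the allocation fails. */
int send_interim_resp_checked(void)
{
    struct work *in_work = alloc_work();
    if (!in_work)
        return -ENOMEM;
    int rc = alloc_rsp_buf(in_work);
    free_work(in_work);
    return rc;
}

int main(void)
{
    fail_next_alloc = 1;               /* simulate memory pressure on the next call */
    printf("checked, allocation fails: %d\n", send_interim_resp_checked());
    printf("checked, allocation ok:    %d\n", send_interim_resp_checked());
    return 0;
}
```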
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the ksmbd module until a patch is available. Restrict access to the smb2_send_interim_resp() function to minimize the risk of exploitation. Avoid using the in_work pointer in the affected function until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu