CVE-2024-49988

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-49988
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa Patch
https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b Patch
https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c Patch
https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

28 Oct 2024, 16:38

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux
CWE CWE-416
References () https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa - () https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa - Patch
References () https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b - () https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b - Patch
References () https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c - () https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c - Patch
References () https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27 - () https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27 - Patch

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: agregar refcnt a la estructura ksmbd_conn Al enviar una solicitud de interrupción de oplock, se utiliza opinfo->conn, pero freed ->conn se puede utilizar en multicanal. Este parche agrega un recuento de referencia a la estructura ksmbd_conn para que se pueda liberar cuando ya no se utiliza.

21 Oct 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-21 18:15

Updated : 2024-10-28 16:38

NVD link : CVE-2024-49988

Mitre link : CVE-2024-49988

CVE.ORG link : CVE-2024-49988

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024