CVE-2024-50120

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50120
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37 Patch
https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8 Patch
https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
History

08 Nov 2024, 18:04

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37 - () https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37 - Patch
References () https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8 - () https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8 - Patch
References () https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc - () https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc - Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE NVD-CWE-noinfo

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Manejar errores de kstrdup para contraseñas. En smb3_reconfigure(), después de duplicar ctx->password y ctx->password2 con kstrdup(), debemos verificar si hay errores de asignación. Si la asignación de ses->password falla, devuelva -ENOMEM. Si la asignación de ses->password2 falla, libere ses->password, configúrelo en NULL y devuelva -ENOMEM.

05 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-05 18:15

Updated : 2024-11-08 18:04

NVD link : CVE-2024-50120

Mitre link : CVE-2024-50120

CVE.ORG link : CVE-2024-50120

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024