CVE-2024-46686

smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()

Description

In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7 patch
https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2 patch
https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc patch
https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf patch

Frequently Asked Questions

What is the severity of CVE-2024-46686?
CVE-2024-46686 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46686?
To fix CVE-2024-46686, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46686 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46686 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46686?
CVE-2024-46686 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.