CVE-2024-49988

ksmbd: add refcnt to ksmbd_conn struct

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used.

References

Link	Tags
https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa	patch
https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b	patch
https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c	patch
https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27	patch

Frequently Asked Questions

What is the severity of CVE-2024-49988?: CVE-2024-49988 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49988?: To fix CVE-2024-49988, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49988 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-49988 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49988?: CVE-2024-49988 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions