CVE-2024-50283

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp().

References

Link	Tags
https://git.kernel.org/stable/c/cb645064e0811053c94e86677f2e58ed29359d62
https://git.kernel.org/stable/c/f7557bbca40d4ca8bb1c6c940ac6c95078bd0827	patch
https://git.kernel.org/stable/c/c6cdc08c25a868a08068dfc319fa9fce982b8e7f	patch
https://git.kernel.org/stable/c/1b6ad475d4ed577d34e0157eb507be00c588bf5c	patch
https://git.kernel.org/stable/c/b8fc56fbca7482c1e5c0e3351c6ae78982e25ada	patch

Frequently Asked Questions

What is the severity of CVE-2024-50283?: CVE-2024-50283 has been scored as a high severity vulnerability.
How to fix CVE-2024-50283?: To fix CVE-2024-50283, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50283 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50283 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50283?: CVE-2024-50283 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions