{"vulnerability": "CVE-2024-50047", "sightings": [{"uuid": "6e8742b1-6921-44fb-ae61-a60c8a28295c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50047", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mgcppw5l6dj2", "content": "", "creation_timestamp": "2026-03-05T11:41:46.971311Z"}, {"uuid": "ed36c756-ecdc-43f3-90c2-28456b5f899f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50047", "type": "seen", "source": "https://t.me/cvedetector/8557", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50047 - CIFS File System Async Decryption UAF\", \n  \"Content\": \"CVE ID : CVE-2024-50047 \nPublished : Oct. 21, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsmb: client: fix UAF in async decryption  \n  \nDoing an async decryption (large read) crashes with a  \nslab-use-after-free way down in the crypto API.  \n  \nReproducer:  \n    # mount.cifs -o ...,seal,esize=1 //srv/share /mnt  \n    # dd if=/mnt/largefile of=/dev/null  \n    ...  \n    [  194.196391] ==================================================================  \n    [  194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110  \n    [  194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899  \n    [  194.197707]  \n    [  194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43  \n    [  194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014  \n    [  194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]  \n    [  194.200032] Call Trace:  \n    [  194.200191]    \n    [  194.200327]  dump_stack_lvl+0x4e/0x70  \n    [  194.200558]  ? gf128mul_4k_lle+0xc1/0x110  \n    [  194.200809]  print_report+0x174/0x505  \n    [  194.201040]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10  \n    [  194.201352]  ? srso_return_thunk+0x5/0x5f  \n    [  194.201604]  ? __virt_addr_valid+0xdf/0x1c0  \n    [  194.201868]  ? gf128mul_4k_lle+0xc1/0x110  \n    [  194.202128]  kasan_report+0xc8/0x150  \n    [  194.202361]  ? gf128mul_4k_lle+0xc1/0x110  \n    [  194.202616]  gf128mul_4k_lle+0xc1/0x110  \n    [  194.202863]  ghash_update+0x184/0x210  \n    [  194.203103]  shash_ahash_update+0x184/0x2a0  \n    [  194.203377]  ? __pfx_shash_ahash_update+0x10/0x10  \n    [  194.203651]  ? srso_return_thunk+0x5/0x5f  \n    [  194.203877]  ? crypto_gcm_init_common+0x1ba/0x340  \n    [  194.204142]  gcm_hash_assoc_remain_continue+0x10a/0x140  \n    [  194.204434]  crypt_message+0xec1/0x10a0 [cifs]  \n    [  194.206489]  ? __pfx_crypt_message+0x10/0x10 [cifs]  \n    [  194.208507]  ? srso_return_thunk+0x5/0x5f  \n    [  194.209205]  ? srso_return_thunk+0x5/0x5f  \n    [  194.209925]  ? srso_return_thunk+0x5/0x5f  \n    [  194.210443]  ? srso_return_thunk+0x5/0x5f  \n    [  194.211037]  decrypt_raw_data+0x15f/0x250 [cifs]  \n    [  194.212906]  ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]  \n    [  194.214670]  ? srso_return_thunk+0x5/0x5f  \n    [  194.215193]  smb2_decrypt_offload+0x12a/0x6c0 [cifs]  \n  \nThis is because TFM is being used in parallel.  \n  \nFix this by allocating a new AEAD TFM for async decryption, but keep  \nthe existing one for synchronous READ cases (similar to what is done  \nin smb3_calc_signature()).  \n  \nAlso remove the calls to aead_request_set_callback() and  \ncrypto_wait_req() since it's always going to be a synchronous operation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T22:43:10.000000Z"}, {"uuid": "b47445e4-5b51-4bfb-b49f-227e4301c244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-50047", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}]}