ghsa-g2cf-q8fg-whrr
Vulnerability from github
Published
2024-05-19 09:34
Modified
2024-07-03 18:42
Severity
Details
In the Linux kernel, the following vulnerability has been resolved:
smb: client: guarantee refcounted children from parent session
Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon->ses are also refcounted. They're all needed across the entire DFS mount. Get rid of @tcon->dfs_ses_list while we're at it, too.
{ "affected": [], "aliases": [ "CVE-2024-35869" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-19T09:15:08Z", "severity": "HIGH" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: guarantee refcounted children from parent session\n\nAvoid potential use-after-free bugs when walking DFS referrals,\nmounting and performing DFS failover by ensuring that all children\nfrom parent @tcon-\u003eses are also refcounted. They\u0027re all needed across\nthe entire DFS mount. Get rid of @tcon-\u003edfs_ses_list while we\u0027re at\nit, too.", "id": "GHSA-g2cf-q8fg-whrr", "modified": "2024-07-03T18:42:30Z", "published": "2024-05-19T09:34:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35869" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/062a7f0ff46eb57aff526897bd2bebfdb1d3046a" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/645f332c6b63499cc76197f9b6bffcc659ba64cc" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/e1db9ae87b7148c021daee1fcc4bc71b2ac58a79" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...