smb: client: fix double put of @cfile in smb2_rename_path()

CVE-2024-46736

Currently unrated 🤨

Key Information

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2024

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as the reference of @cfile was already dropped by previous smb2_compound_op() call.

Affected Version(s)

Linux < 1e60bc0e9543

Linux < 1a46c7f6546b

Linux < 3523a3df03c6

Timeline

Vulnerability published.
Sep 18, 2024
Vulnerability Reserved.
Sep 11, 2024

Collectors

NVD DatabaseMitre Database