Addressing a Memory corruption vulnerability in the SMB2 Compound Operation
CVE-2024-46796

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2024

What is CVE-2024-46796?

A vulnerability exists in the Linux kernel affecting the SMB client, particularly in how the client manages the reference count of file handles when calling smb2_compound_op() with valid parameters. When an invalid operation results in a failure, the system inadvertently drops references to essential resources. This flaw can trigger memory access violations, leading to potential exploitation through slab-use-after-free errors. Specifically, it manifests when the generic filesystem tests attempt to mount network shares, which intensifies the risk of memory corruption and subsequent exploitation scenarios. This issue has been tracked using KASAN, highlighting the importance of file reference management in secure operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1e60bc0e954389af82f1d9a85f13a63f6572350f < 5a72d1edb0843e4c927a4096f81e631031c25c28

Linux 71f15c90e785d1de4bcd65a279e7256684c25c0d < 762099898309218b4a7954f3d49e985dc4dfd638

Linux 71f15c90e785d1de4bcd65a279e7256684c25c0d

References

https://git.kernel.org/stable/c/5a72d1edb0843e4c927a4096f...
https://git.kernel.org/stable/c/762099898309218b4a7954f3d...
https://git.kernel.org/stable/c/f9c169b51b6ce20394594ef67...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.