New patch to prevent OOM issue in ksmbd due to simultaneous SMB operations
CVE-2024-50285

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-50285?

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: check outstanding simultaneous SMB operations

If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit.

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 1f993777275cbd8f74765c4f9d9285cb907c9be5

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 0a77d947f599b1f39065015bec99390d0c0022ee

References

https://git.kernel.org/stable/c/1f993777275cbd8f74765c4f9...

https://git.kernel.org/stable/c/e257ac6fe138623cf59fca889...

https://git.kernel.org/stable/c/0a77d947f599b1f39065015be...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2024