Vulnerability in the Linux Kernel Affecting SMB Network Operations
CVE-2024-56729
Summary
A vulnerability in the Linux kernel affects SMB network operations because the 'cfid->tcon' field is not initialized before network operations are executed. If a lease break occurs concurrently with the opening of a cached directory, 'cached_dir_lease_break()' may take a reference to the tcon, but 'cached_dir_offload_close()' may then fail to release that reference because 'cfid->tcon' is still uninitialized (NULL). Addressing this vulnerability is essential to maintain filesystem integrity and prevent potential exploitation through reference leakage.
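The reference imbalance described above, as an added user-space model that is not kernel code and not part of the original advisory. The struct layouts, the model_* helpers, leaked_refs() and the single serialized interleaving are assumptions made for illustration; only the names cfid, tcon and the two functions being modelled come from the summary.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumed layout, not the kernel's structures). */
struct tcon { int refs; };
struct cfid { struct tcon *tcon; };

/* Models cached_dir_lease_break(): the lease-break path takes a
 * reference on the tcon before handing the close off. */
static void model_lease_break(struct tcon *t) { t->refs++; }

/* Models cached_dir_offload_close(): the reference is released through
 * cfid->tcon. If that field is still NULL, nothing is released. */
static void model_offload_close(struct cfid *c)
{
    if (c->tcon)
        c->tcon->refs--;
}

/* One open of a cached directory with a lease break arriving while the
 * network operation is in flight. Returns the number of tcon references
 * left over once the sequence has finished. */
int leaked_refs(int init_tcon_before_network_ops)
{
    struct tcon t = { .refs = 1 };      /* constructed: baseline reference */
    struct cfid c = { .tcon = NULL };

    if (init_tcon_before_network_ops)
        c.tcon = &t;                    /* field set before network ops */

    /* network operation in flight: lease break and offloaded close run */
    model_lease_break(&t);
    model_offload_close(&c);

    if (!init_tcon_before_network_ops)
        c.tcon = &t;                    /* field set only afterwards: too late */

    return t.refs - 1;                  /* anything above baseline leaked */
}

int main(void)
{
    printf("tcon set after network ops:  leaked=%d\n", leaked_refs(0));
    printf("tcon set before network ops: leaked=%d\n", leaked_refs(1));
    return 0;
}
```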
Affected Version(s)
Linux ebe98f1447bbccf8228335c62d86af02a0ed23f7 < 625e2357c8fcfae6e66dcc667dc656fe390bab15
Linux ebe98f1447bbccf8228335c62d86af02a0ed23f7 < 4b216c8f9c7d84ef7de33ca60b97e08e03ef3292
Linux ebe98f1447bbccf8228335c62d86af02a0ed23f7 < 1b9ab6b648f89441c8a13cb3fd8ca83ffebc5262