CVE-2024-49988

MEDIUM EPSS 14.0%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel* <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3

References 4

  • git.kernel.org https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27
    Patch