CVE-2024-50120
MEDIUM EPSS 11.7%
Published Nov 5, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Nov 5, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
11.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 7
References 3
- git.kernel.org https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37
- git.kernel.org https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8
- git.kernel.org https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc
Remediation
- git.kernel.org https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37
- git.kernel.org https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8
- git.kernel.org https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc