CVE-2024-35869

2024-05-1909:15:08

CWE-416

Linux

web.nvd.nist.gov

linux

kernel

vulnerability

resolved

use-after-free

dfs

referrals

mount

failover

nvd

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

smb: client: guarantee refcounted children from parent session

Avoid potential use-after-free bugs when walking DFS referrals,
mounting and performing DFS failover by ensuring that all children
from parent @tcon->ses are also refcounted. They’re all needed across
the entire DFS mount. Get rid of @tcon->dfs_ses_list while we’re at
it, too.

Affected configurations

Vulners

Node

linuxlinux_kernelRange6.6.0–6.6.29

linuxlinux_kernelRange6.7.0–6.8.5

linuxlinux_kernelRange6.9.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/cifsglob.h",
      "fs/smb/client/cifsproto.h",
      "fs/smb/client/connect.c",
      "fs/smb/client/dfs.c",
      "fs/smb/client/dfs.h",
      "fs/smb/client/dfs_cache.c",
      "fs/smb/client/misc.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "645f332c6b63",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "e1db9ae87b71",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "062a7f0ff46e",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/cifsglob.h",
      "fs/smb/client/cifsproto.h",
      "fs/smb/client/connect.c",
      "fs/smb/client/dfs.c",
      "fs/smb/client/dfs.h",
      "fs/smb/client/dfs_cache.c",
      "fs/smb/client/misc.c"
    ],
    "versions": [
      {
        "version": "6.6.29",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.5",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]