CVE-2024-26928 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88
https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1
https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d
https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502
https://lore.kernel.org/linux-cve-announce/2024042849-CVE-2024-26928-e543@gregkh/
https://nvd.nist.gov/vuln/detail/CVE-2024-26928
https://www.cve.org/CVERecord?id=CVE-2024-26928

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T11:28:01.529Z

Updated: 2024-11-05T09:18:21.170Z

Reserved: 2024-02-19T14:20:24.195Z

Link: CVE-2024-26928

Vulnrichment

Updated: 2024-08-02T00:21:05.608Z

NVD

Status : Awaiting Analysis

Published: 2024-04-28T12:15:21.140

Modified: 2024-04-29T12:42:03.667

Link: CVE-2024-26928

Redhat

Severity : Low

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2024-26928 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26928", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.195Z", "datePublished": "2024-04-28T11:28:01.529Z", "dateUpdated": "2024-11-05T09:18:21.170Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:18:21.170Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifs_debug.c", "fs/smb/client/cifsglob.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "229042314602", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a65f2b56334b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3402faf78b25", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ca545b7f0823", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifs_debug.c", "fs/smb/client/cifsglob.h"], "versions": [{"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88"}, {"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d"}, {"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1"}, {"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502"}], "title": "smb: client: fix potential UAF in cifs_debug_files_proc_show()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26928", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:40:05.314661Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:49.733Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.608Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.608Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26928", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:40:05.314661Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:44.068Z"}}], "cna": {"title": "smb: client: fix potential UAF in cifs_debug_files_proc_show()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "229042314602", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a65f2b56334b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "3402faf78b25", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ca545b7f0823", "versionType": "git"}], "programFiles": ["fs/smb/client/cifs_debug.c", "fs/smb/client/cifsglob.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.85", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/client/cifs_debug.c", "fs/smb/client/cifsglob.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88"}, {"url": "https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d"}, {"url": "https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1"}, {"url": "https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:18:21.170Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26928", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:18:21.170Z", "dateReserved": "2024-02-19T14:20:24.195Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-28T11:28:01.529Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show()", "id": "2277937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277937"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.", "A flaw was found in the Linux kernel. The following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show()."], "name": "CVE-2024-26928", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26928\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26928\nhttps://lore.kernel.org/linux-cve-announce/2024042849-CVE-2024-26928-e543@gregkh/"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.85, kernel 6.6.26, kernel 6.8.5, kernel 6.9-rc3"}