CVE-2024-35864 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1
https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb
https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5
https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4
https://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35864-3536@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35864
https://www.cve.org/CVERecord?id=CVE-2024-35864

History

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-19T08:34:22.936Z

Updated: 2024-11-05T09:23:58.743Z

Reserved: 2024-05-17T13:50:33.107Z

Link: CVE-2024-35864

Vulnrichment

Updated: 2024-08-02T03:21:48.471Z

NVD

Status : Awaiting Analysis

Published: 2024-05-19T09:15:07.957

Modified: 2024-05-20T13:00:04.957

Link: CVE-2024-35864

Redhat

Severity : Low

Publid Date: 2024-05-19T00:00:00Z

Links: CVE-2024-35864 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35864", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.107Z", "datePublished": "2024-05-19T08:34:22.936Z", "dateUpdated": "2024-11-05T09:23:58.743Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:23:58.743Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2misc.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "c868cabdf6fd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f92739fdd452", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a8344e2b69bd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "705c76fbf726", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2misc.c"], "versions": [{"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"}, {"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"}, {"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"}, {"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"}], "title": "smb: client: fix potential UAF in smb2_is_valid_lease_break()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-29T18:32:19.453857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:05.415Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.471Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.471Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-29T18:32:19.453857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T18:32:23.849Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "smb: client: fix potential UAF in smb2_is_valid_lease_break()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "c868cabdf6fd", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f92739fdd452", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a8344e2b69bd", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "705c76fbf726", "versionType": "git"}], "programFiles": ["fs/smb/client/smb2misc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.85", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/client/smb2misc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5"}, {"url": "https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4"}, {"url": "https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb"}, {"url": "https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:30:20.455Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35864", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:21:48.471Z", "dateReserved": "2024-05-17T13:50:33.107Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-19T08:34:22.936Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: smb: client: fix potential UAF in smb2_is_valid_lease_break()", "id": "2281769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281769"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.", "A use-after-free flaw was found in the Linux kernel in smb smb2_is_valid_lease_break() when exiting a session. This flaw allows a local attacker to crash the system."], "name": "CVE-2024-35864", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35864\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35864\nhttps://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35864-3536@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.85, kernel 6.6.26, kernel 6.8.5, kernel 6.9"}