In the Linux kernel, the following vulnerability has been resolved:

ksmbd: check outstanding simultaneous SMB operations

If a client sends simultaneous SMB operations to ksmbd, it exhausts too much
memory through the "ksmbd_work_cache". It will cause an OOM issue.
ksmbd has a credit mechanism but it can't handle this problem. This patch
adds the check if it exceeds max credits to prevent this problem by assuming
that one smb request consumes at least one credit.
History
Wed, 27 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Linux; Linux linux Kernel | |
Weaknesses | CWE-770 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* | |
Vendors & Products | Linux; Linux linux Kernel | |
Fri, 22 Nov 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | cvssV3_1 |
Tue, 19 Nov 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations. If a client sends simultaneous SMB operations to ksmbd, it exhausts too much memory through the "ksmbd_work_cache". It will cause an OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch adds the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. | |
Title | ksmbd: check outstanding simultaneous SMB operations | |
References | | |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-11-19T01:30:28.603Z
Updated: 2024-12-19T09:37:19.038Z
Reserved: 2024-10-21T19:36:19.984Z
Link: CVE-2024-50285
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2024-11-19T02:16:30.787
Modified: 2024-11-27T15:31:58.063
Link: CVE-2024-50285
Redhat