CVE-2024-26592: ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

The race is between the handling of a new TCP connection and
its disconnection. It leads to a UAF on `struct tcp_transport` in
the ksmbd_tcp_new_connection() function.

Classification

CVE ID: CVE-2024-26592

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.38% (share of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6
https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1
https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111
https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126
https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544

Timeline