CVE-2024-49988: ksmbd: add refcnt to ksmbd_conn struct

0.0 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: add refcnt to ksmbd_conn struct

When sending an oplock break request, opinfo->conn is used,
But freed ->conn can be used on multichannel.
This patch add a reference count to the ksmbd_conn struct
so that it can be freed when it is no longer used.

Classification

CVE ID: CVE-2024-49988

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.06% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa
https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b
https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c
https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27

Timeline

2024-12-10 00:31:33 UTC
CVE

ksmbd: add refcnt to ksmbd_conn struct
2025-03-06 09:45:34 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-49988