CVE-2024-35866

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-35866

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35866.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-35866

Downstream

BELL-CVE-2024-35866

DEBIAN-CVE-2024-35866

DLA-4193-1

DSA-5900-1

ECHO-4caa-4e0d-7617

RHSA-2024:9315

ROOT-OS-DEBIAN-11-CVE-2024-35866

ROOT-OS-UBUNTU-2204-CVE-2024-35866

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

UBUNTU-CVE-2024-35866

USN-6893-1

USN-6893-2

USN-6893-3

USN-6918-1

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Related

Published

2024-05-19T08:34:24.877Z

Modified

2026-03-13T07:55:23.346475Z

Summary

smb: client: fix potential UAF in cifs_dump_full_key()

Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifsdumpfull_key()

Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35866.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1bb56810677f26b78d57a3038054943efd334a1c

Fixed

d798fd98e3563027c5162259ead517057d6fa794

Fixed

f4a60d360d9114b5085701a3702a0102b0d6d846

Fixed

10e17ca4000ec34737bde002a13435c38ace2682

Fixed

3103163ccd3be4adcfa37e15608fb497be044113

Fixed

58acd1f497162e7d282077f816faa519487be045

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35866.json"