CVE-2024-50286
- Source
- https://cve.org/CVERecord?id=CVE-2024-50286
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50286.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50286
- Downstream
- Related
- Published
- 2024-11-19T01:30:29.948Z
- Modified
- 2026-03-09T23:55:29.999597Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slab-use-after-free in ksmbdsmb2session_create
There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstable_lock while adding/deleting session from global session table.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50286.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0a77715db22611df50b178374c51e2ba0d58866e
- https://git.kernel.org/stable/c/e7a2ad2044377853cf8c59528dac808a08a99c72
- https://git.kernel.org/stable/c/e923503a56b3385b64ae492e3225e4623f560c5b
- https://git.kernel.org/stable/c/f56446ba5378d19e31040b548a14ee9a8f1500ea
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50286.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-50286
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixedf56446ba5378d19e31040b548a14ee9a8f1500eaFixede923503a56b3385b64ae492e3225e4623f560c5bFixede7a2ad2044377853cf8c59528dac808a08a99c72Fixed0a77715db22611df50b178374c51e2ba0d58866e