CVE-2024-57925
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57925
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57925.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-57925
- Downstream
- Related
- Published
- 2025-01-19T12:15:26Z
- Modified
- 2025-08-09T20:01:25Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix a missing return value check bug
In the smb2sendinterimresp(), if ksmbdallocworkstruct() fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an illegal memory write of inwork->responsebuf when allocateinterimrspbuf() attempts to perform a kzalloc() on it.
To address this issue, incorporating a check for the return value of ksmbdallocwork_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access.
- References
-
- https://git.kernel.org/stable/c/271ae0edbfc942795c162e6cf20d2bc02bd7fde4
- https://git.kernel.org/stable/c/2976e91a3e569cf2c92c9f71512c0ab1312fe965
- https://git.kernel.org/stable/c/4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c
- https://git.kernel.org/stable/c/781c743e18bfd9b7dc0383f036ae952bd1486f21
- https://git.kernel.org/stable/c/ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce