CVE-2024-35865

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd	Patch
https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd	Patch
https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4	Patch
https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4	Patch
https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628	Patch
https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628	Patch
https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7	Patch
https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

07 Apr 2025, 18:57

Type	Values Removed	Values Added
CWE		CWE-416
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
References	~~() https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd -~~	() https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd - Patch
References	~~() https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628 -~~	() https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628 - Patch
References	~~() https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7 -~~	() https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7 - Patch
References	~~() https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4 -~~	() https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4 - Patch

19 May 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-19 09:15

Updated : 2025-04-07 18:57

NVD link : CVE-2024-35865

Mitre link : CVE-2024-35865

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd", "name": "https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd", "name": "https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4", "name": "https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4", "name": "https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628", "name": "https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628", "name": "https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7", "name": "https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7", "name": "https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-416"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-35865", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2024-05-19T09:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.26", "versionStartIncluding": "6.2"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.85"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-07T18:57Z"}