CVE-2024-42256

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 8, 2024
Updated: Sep 6, 2024

Summary

CVE-2024-42256 is a vulnerability affecting the Linux kernel's CIFS (Common Internet File System) implementation. The issue lies in the netfs module: when a subrequest is retried, the server is re-picked, which causes in-flight requests to be miscounted. The result is a warning in the kernel logs whose trace includes "smb2_add_credits+0x3f0/0x9e0 [cifs]". The problem can be triggered by various xfstests and is particularly noticeable with Azure servers running in multichannel mode. It has been resolved by removing the server re-picking code in smb2_async_writev().
