CVE-2024-42256
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-42256 is a vulnerability affecting the Linux kernel's CIFS (Common Internet File System) implementation. The issue lies in the netfs module where, during a subrequest retry, the server is re-picked, causing a misaccounting of in-flight requests. This produces a warning in the kernel logs that includes "smb2_add_credits+0x3f0/0x9e0 [cifs]". The problem can be triggered by various xfstests and is particularly noticeable in Azure servers running in multichannel mode. The issue has been resolved by removing the server re-picking code in smb2_async_writev().
Affected Products
- Linux Kernel
Affected Vendors
- LINUX