CVE-2024-50283
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-50283 is a newly identified vulnerability in the Linux kernel that affects the ksmbd component. The issue involves a use-after-free condition in the function smb3_preauth_hash_rsp within ksmbd. Specifically, ksmbd_user_session_put should have been called within smb3_preauth_hash_rsp to prevent the session from being freed before processing this function. This vulnerability could potentially lead to arbitrary code execution or denial of service attacks if exploited. The affected Linux kernel versions have been released with necessary patches to address this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX