CVE-2024-50283

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Dec 14, 2024
CWE ID 416

Summary

CVE-2024-50283 is a newly identified vulnerability in the Linux kernel that affects the ksmbd component. The issue involves a use-after-free condition in the function smb3_preauth_hash_rsp within ksmbd. Specifically, ksmbd_user_session_put should have been called within smb3_preauth_hash_rsp to prevent the session from being freed before processing this function. This vulnerability could potentially lead to arbitrary code execution or denial of service attacks if exploited. The affected Linux kernel versions have been released with necessary patches to address this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share