CVE-2024-53177

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 27, 2024
Updated: Feb 11, 2025
CWE ID 416

Summary

CVE-2024-53177 is a vulnerability affecting the Linux kernel's SMB (Server Message Block) subsystem. A use-after-free issue was identified in the open_cached_dir() function, which may occur when an error is encountered while parsing a lease from the server. This error handling may race with receiving a lease break, resulting in the cfid being freed while queued work is still pending. The issue has been resolved by dropping refs rather than directly freeing the cfid, and making related adjustments to the reference counting in cfids_laundromat_worker() and invalidate_all_cached_dirs(). This vulnerability, discovered through KASAN, could potentially lead to a memory leak or other unintended behavior.
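The interleaving described in the summary, replayed in a single-threaded userspace model. This is an added example, not kernel code: the struct, its fields and every function name are hypothetical, and it assumes the queued lease-break work holds its own reference.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a cached directory handle (cfid). */
struct cached_dir {
    int refs;      /* reference count */
    bool released; /* set instead of calling free() so the model can inspect it */
};

/* Drop one reference; the object is released only when the last holder lets go. */
static void dir_put(struct cached_dir *d) {
    if (--d->refs == 0)
        d->released = true;
}

/* A lease break arrives: work is queued and (assumed) takes a reference. */
static void queue_lease_break(struct cached_dir *d) { d->refs++; }

/* Error path before the fix: release the object regardless of other holders. */
static void error_path_direct_free(struct cached_dir *d) { d->released = true; }

/* Error path after the fix: give up only the caller's own reference. */
static void error_path_drop_ref(struct cached_dir *d) { dir_put(d); }

/* The queued work runs later. Returns true if it touched a released object. */
static bool run_queued_work(struct cached_dir *d) {
    if (d->released)
        return true;   /* use-after-free in the real code */
    dir_put(d);        /* work finished, drop its reference */
    return false;
}

/* Order of events: open, lease break queued, lease parse error, work runs. */
bool simulate(bool fixed, bool *released_at_end) {
    struct cached_dir d = { .refs = 1, .released = false };
    queue_lease_break(&d);
    if (fixed)
        error_path_drop_ref(&d);
    else
        error_path_direct_free(&d);
    bool uaf = run_queued_work(&d);
    *released_at_end = d.released;
    return uaf;
}

int main(void) {
    bool rel;
    printf("direct free: uaf=%d\n", simulate(false, &rel));
    printf("drop ref:    uaf=%d released=%d\n", simulate(true, &rel), rel);
    return 0;
}
```
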
