#VU86812 Use-after-free in Linux kernel


Published: 2024-02-27

Vulnerability identifier: #VU86812

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26592

CWE-ID: CWE-416

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1
http://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111
http://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126
http://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544
http://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6
http://www.zerodayinitiative.com/advisories/ZDI-24-195/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-nvidia-6.5
Ubuntu update for linux-laptop
Ubuntu update for linux-oem-6.5
Slackware Linux update for kernel
Ubuntu update for linux-intel-iotg
Ubuntu update for linux-aws
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux
Ubuntu update for linux-oem-6.1