#VU86812 Use-after-free in Linux kernel - CVE-2024-26592


Vulnerability identifier: #VU86812

Vulnerability risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26592

CWE-ID: CWE-416

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1
https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111
https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126
https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544
https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6
https://www.zerodayinitiative.com/advisories/ZDI-24-195/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-nvidia-6.5
Ubuntu update for linux-laptop
Ubuntu update for linux-oem-6.5
Slackware Linux update for kernel
Ubuntu update for linux-intel-iotg
Ubuntu update for linux-aws
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux
Ubuntu update for linux-oem-6.1