#VU97570 Input validation error in Linux kernel - CVE-2024-46736
Published: September 18, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU97570
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-46736
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb2_rename_path() function in fs/smb/client/smb2inode.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/b27ea9c96efd2c252a981fb00d0f001b86c90f3e
- https://git.kernel.org/stable/c/1a46c7f6546b73cbf36f5a618a1a6bbb45391eb3
- https://git.kernel.org/stable/c/3523a3df03c6f04f7ea9c2e7050102657e331a4f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51