Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-42307

HistoryAug 17, 2024 - 9:15 a.m.

CVE-2024-42307

2024-08-1709:15:10

CWE-476

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

cifs

potential null pointer

vulnerability

fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path

Dan Carpenter reported a Smack static checker warning:
fs/smb/client/cifsfs.c:1981 init_cifs()
error: we previously assumed ‘serverclose_wq’ could be null (see line 1895)

The patch which introduced the serverclose workqueue used the wrong
oredering in error paths in init_cifs() for freeing it on errors.

Affected configurations

Nvd

Node

linuxlinux_kernelRange6.1.85–6.1.103

linuxlinux_kernelRange6.6.26–6.6.44

linuxlinux_kernelRange6.8.5–6.10.3

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303

git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2

git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777

git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2024-42307