1834 matches found
The vulnerability of the decrypt_raw_data() function in the SMB subsystem of the Linux operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the decrypt_raw_data() function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...
PT-2024-34110
The Linux kernel's ksmbd component is affected by a memory exhaustion issue due to simultaneous SMB operations, which can consume excessive memory through the "ksmbd work cache", leading to an Out-of-Memory (OOM) issue. The issue arises when a client sends multiple SMB operations to ksmbd, and the...
PT-2024-10005
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.65. Description: The issue is related to a use-after-free vulnerability in the Linux kernel's SMB client, specifically in the generic_ip_connect function. This vulnerability can be exploited to impact the...
The vulnerability of the smb2(smb2v()) in the Linux kernel’s fs/smb/client/smb2pdu.c file allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the smb2smb2v in the Linux kernel’s fs/smb/client/smb2pdu.c file is related to improper resource management due to repeated server selection during subsequent requests. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and...
Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2024-35863: Fixed potential UAF i...
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2024-35863: Fixed potential UAF ...
Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059147 fixes several issues. The following security issues were fixed: CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show (bsc#1225819). CVE-2024-35862:...
Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001347 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2024-35863: Fixed potential UAF i...
Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122219 fixes several issues. The following security issues were fixed: CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break (bsc#1225011). CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show (bsc#1225819). CVE-2024-35862: Fixed...
Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show (bsc#1225819). CVE-2024-35862:...
Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024183 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children (bsc#1227472). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024166 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children (bsc#1227472). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2023-52752: smb:...
SUSE CVE-2024-50086
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off. There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SMB2_SESSION_EXPIRED and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition during the handling of smb2 session logout and setup, which could lead to memory reuse afte...
Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001011 fixes one issue. The following security issue was fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show (bsc#1225819). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...
The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR XR1000 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR XR1000 Wi-Fi routers lies in the lack of measures for sanitizing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the sharename parameter...
Linux kernel resource management error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a crash due to post-release reuse when the smb client performs asynchronous decryption...
The vulnerability of the ksmbd component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ksmbd component in the Linux operating system’s kernel is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-46796
...
CVE-2022-32742
...