CVE-2024-53179

Updated: 2025-01-14 17:47:55.427729

Description:

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() *UAF* Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738671431 2025-02-05 02:18:11
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738670922 2025-02-05 02:18:12
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:27:56
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:28:04
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-01-14 13:28:03
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-01-14 13:28:02
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-02-07 06:37:48
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:27:58
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:28:09
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:28:05
Total: 14