CVE-2024-35868

Updated: 2024-12-30

CWE: CWE-416

Description:

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_stats_proc_write()

Skip sessions that are being torn down (status == SES_EXITING) to avoid UAF.

CVSS3: 7.8


Vendor State

OS | Vendor version | Errata
Debian 12 | 6.1.85-1 | DSA-5658-1
Ubuntu 24.04 | 6.8.0-38.38 | USN-6893-1

KernelCare State

OS | Original kernel version | State
Debian 12 | | Planned
Ubuntu 24.04 | | Planned