Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in the ksmbd_tcp_new_connection() function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.15.0, < 5.15.149 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111 (Patch)
- https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1 (Patch)
- https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544 (Patch)
- https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126 (Patch)
- https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6 (Patch)
FAQ
What is CVE-2024-26592?
CVE-2024-26592 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: "ksmbd: fix UAF issue in ksmbd_tcp_new_connection()". The race is between the handling of a new TCP connection and its disconnection....
How severe is CVE-2024-26592?
CVE-2024-26592 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-26592?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.