CVE-2024-26928Use After Free in Linux

CWE-416Use After Free60 documents8 sources
Severity
7.8HIGHNVD
OSV6.8OSV5.5
EPSS
0.0%
top 96.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedApr 28
Latest updateMay 28

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel4.205.10.237+5
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-212.232+6
CVEListV5linux/linuxdfe33f9abc08997e56f9bdf14fe9ac7ac0e140758f8718afd446cd4ea3b62bacc3eec09f8aae85ee+6
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

29
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-xilinx-zynqmp vulnerabilities2025-05-02
OSV
linux-gcp-5.15 vulnerabilities2025-04-28
OSV
linux-intel-iotg-5.15 vulnerabilities2025-04-24

📋Vendor Advisories

29
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-05-02
Ubuntu
Linux kernel (GCP) vulnerabilities2025-04-28
Ubuntu
Linux kernel (IBM) vulnerabilities2025-04-24

💬Community

1
Bugzilla
CVE-2024-26928 kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show()2024-04-30