CVE-2024-41030NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-99Resource Injection26 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedJul 29
Latest updateDec 12

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel5.156.1.100+3
Debianlinux/linux_kernel< 6.1.106-1+2
Ubuntulinux/linux_kernel< 6.8.0-48.48
CVEListV5linux/linux0626e6641f6b467447c81dd7678a69c66f7746cf66cf853e1c7a2407f15d9f7aaa3e47d61745e361+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities2024-11-19
OSV
linux-gke vulnerabilities2024-11-15
OSV
linux-raspi vulnerabilities2024-11-14
OSV
linux-oem-6.8 vulnerabilities2024-11-13

📋Vendor Advisories

13
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (Low Latency) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-15
Ubuntu
Linux kernel vulnerabilities2024-11-14
Ubuntu
Linux kernel vulnerabilities2024-11-13