CVE-2024-26928

HIGH

Linux Kernel - Use-After-Free in SMB Client Debug Files Proc Show

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

References (7)

Core 7

Core References

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Patch

https://git.kernel.org/stable/c/8f8718afd446cd4ea3b62bacc3eec09f8aae85ee

Patch

https://git.kernel.org/stable/c/a140224bcf87eb98a87b67ff4c6826c57e47b704

Patch

https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88

Patch

https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d

Patch

https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1

Patch

https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (22)

debian/debian_linux 11.0

linux/Kernel 4.20.0 - 5.10.237linux

linux/Kernel 5.11.0 - 5.15.180linux

linux/Kernel 5.16.0 - 6.1.85linux

linux/Kernel 6.2.0 - 6.6.26linux

linux/Kernel 6.7.0 - 6.8.5linux

Linux/Linux < 4.20

Linux/Linux 4.20

Linux/Linux 5.10.237 - 5.10.*

Linux/Linux 5.15.180 - 5.15.*

... and 12 more

Published Apr 28, 2024

Tracked Since Feb 18, 2026