CVE-2024-35868

HIGH

Linux Kernel < 6.1.85 - Use After Free

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

References (4)

[Patch] https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b

[Patch] https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72

[Patch] https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7

[Patch] https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-416

Status published

Affected Products (6)

linux/linux_kernel < 6.1.85

linux/linux_kernel

linux/Kernel < 6.1.85linux

linux/Kernel < 6.6.26linux

linux/Kernel < 6.8.5linux

Timeline

Published May 19, 2024

Tracked Since Feb 18, 2026