CVE-2024-35999

MEDIUM

Linux Kernel < 6.1.91, 6.2.0-6.6.30, 6.7.0-6.8.9 - Data Race Condition in SMB3 Channel Selection

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/98c7ed29cd754ae7475dc7cb3f33399fda902729

Patch

https://git.kernel.org/stable/c/0fcf7e219448e937681216353c9a58abae6d3c2e

Patch

https://git.kernel.org/stable/c/60ab245292280905603bc0d3654f4cf8fceccb00

Patch

https://git.kernel.org/stable/c/8094a600245e9b28eb36a13036f202ad67c1f887

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (17)

linux/Kernel 5.16.0 - 6.1.91linux

linux/Kernel 6.2.0 - 6.6.30linux

linux/Kernel 6.7.0 - 6.8.9linux

Linux/Linux < 5.16

Linux/Linux 3d74c2c917e4006a3bd660d2fc7829cb2ef64113

Linux/Linux 5.15.27 - 5.16

Linux/Linux 5.16

Linux/Linux 6.1.91 - 6.1.*

Linux/Linux 6.6.30 - 6.6.*

Linux/Linux 6.8.9 - 6.8.*

... and 7 more

Published May 20, 2024

Tracked Since Feb 18, 2026