CVE-2024-39468

MEDIUM

Linux Kernel - Denial of Service via SMB Client Deadlock in smb2_find_smb_tcon()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlock.

References (9)

Core 9

Core References

Patch

https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261

Patch

https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720

Patch

https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5

Patch

https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a

Patch

https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47

Patch

https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (19)

linux/Kernel 5.14.0 - 5.15.162linux

linux/Kernel 5.16.0 - 6.1.94linux

linux/Kernel 6.2.0 - 6.6.34linux

linux/Kernel 6.7.0 - 6.9.5linux

Linux/Linux < 5.14

Linux/Linux 5.14

Linux/Linux 5.15.162 - 5.15.*

Linux/Linux 6.1.94 - 6.1.*

Linux/Linux 6.10

Linux/Linux 6.6.34 - 6.6.*

... and 9 more

Published Jun 25, 2024

Tracked Since Feb 18, 2026