CVE-2024-42307

MEDIUM

Linux Kernel - Null Pointer Dereference in CIFS Workqueue Initialization

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895) The patch which introduced the serverclose workqueue used the wrong oredering in error paths in init_cifs() for freeing it on errors.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671

Patch

https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303

Patch

https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777

Patch

https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (18)

linux/Kernel < 6.1.103linux

linux/Kernel 6.2.0 - 6.6.44linux

linux/Kernel 6.7.0 - 6.10.3linux

Linux/Linux < 6.9

Linux/Linux 173217bd73365867378b5e75a86f0049e1069ee8 - 193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2

Linux/Linux 173217bd73365867378b5e75a86f0049e1069ee8 - 3739d711246d8fbc95ff73dbdace9741cdce4777

Linux/Linux 40a5d14c9d3b585d55d3209fb5efe202dcaac926

Linux/Linux 6.1.103 - 6.1.*

Linux/Linux 6.1.85 - 6.1.103

Linux/Linux 6.10.3 - 6.10.*

... and 8 more

Published Aug 17, 2024

Tracked Since Feb 18, 2026