CVE-2024-46742

MEDIUM

Linux Kernel < 6.6.51 SMB Server Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context().

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/878f32878351104448b86ef5b85d1f8ed6f599fb

Patch

https://git.kernel.org/stable/c/ec28c35029b7930f31117f9284874b63bea4f31b

Patch

https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6

Patch

https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada

Patch

https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (18)

linux/Kernel 5.15.0 - 5.15.181linux

linux/Kernel 5.16.0 - 6.1.135linux

linux/Kernel 6.2.0 - 6.6.51linux

linux/Kernel 6.7.0 - 6.10.10linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 07f384c5be1f8633b13f0a22616e227570450bc6

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 3b692794b81f2ecad69a4adbba687f3836824ada

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 4e8771a3666c8f216eefd6bd2fd50121c6c437db

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 878f32878351104448b86ef5b85d1f8ed6f599fb

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - ec28c35029b7930f31117f9284874b63bea4f31b

... and 8 more

Published Sep 18, 2024

Tracked Since Feb 18, 2026