CVE-2024-58087
HIGH
Linux Kernel 5.15-5.15.175, 5.16-6.1.120, 6.2-6.6.66, 6.7-6.12.5 - Race Condition in SMB Session Lookup
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix racy issue from session lookup and expire
Increment the session reference count within the lock for lookup to avoid racy issue with session expire.
References (6)
Core References
Patch, Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-100/
Scores
CVSS v3
8.1
EPSS
0.0043
EPSS Percentile
34.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-667
Status
published
Products (18)
linux/Kernel
5.15.0 - 5.15.176 linux
linux/Kernel
5.16.0 - 6.1.121 linux
linux/Kernel
6.2.0 - 6.6.67 linux
linux/Kernel
6.7.0 - 6.12.6 linux
Linux/Linux
< 5.15
Linux/Linux
0626e6641f6b467447c81dd7678a69c66f7746cf - 2107ab40629aeabbec369cf34b8cf0f288c3eb1b
Linux/Linux
0626e6641f6b467447c81dd7678a69c66f7746cf - 37a0e2b362b3150317fb6e2139de67b1e29ae5ff
Linux/Linux
0626e6641f6b467447c81dd7678a69c66f7746cf - 450a844c045ff0895d41b05a1cbe8febd1acfcfd
Linux/Linux
0626e6641f6b467447c81dd7678a69c66f7746cf - a39e31e22a535d47b14656a7d6a893c7f6cf758c
Linux/Linux
0626e6641f6b467447c81dd7678a69c66f7746cf - b95629435b84b9ecc0c765995204a4d8a913ed52
... and 8 more
Published
Mar 12, 2025
Tracked Since
Feb 18, 2026