SB2024111961 - Input validation error in Linux kernel smb server
Published: November 19, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024111961
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-50285)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smb1_negotiate() and init_smb1_server() functions in fs/smb/server/smb_common.c, within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/smb/server/server.c, within the ksmbd_conn_alloc() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f993777275cbd8f74765c4f9d9285cb907c9be5
- https://git.kernel.org/stable/c/e257ac6fe138623cf59fca8898abdf659dbc8356
- https://git.kernel.org/stable/c/0a77d947f599b1f39065015bec99390d0c0022ee
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61