CVE-2024-58087
Published: March 13, 2025Last modified: March 13, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.1 |
| Attack Vector | NETWORK |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.121-r0) |
| Stream | linux-lts | Fixed (6.6.67-r0) |
References
- https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b
- https://git.kernel.org/stable/c/37a0e2b362b3150317fb6e2139de67b1e29ae5ff
- https://git.kernel.org/stable/c/450a844c045ff0895d41b05a1cbe8febd1acfcfd
- https://git.kernel.org/stable/c/a39e31e22a535d47b14656a7d6a893c7f6cf758c
- https://git.kernel.org/stable/c/b95629435b84b9ecc0c765995204a4d8a913ed52
- https://www.zerodayinitiative.com/advisories/ZDI-25-100/