CVE-2024-46742

smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)
and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in
parse_durable_handle_context().

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context().

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (bookworm), these problems have been fixed in version 6.1.135-1.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-11 CVE Reserved
2024-09-18 CVE Published
2025-05-04 CVE Updated
2025-06-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/878f32878351104448b86ef5b85d1f8ed6f599fb	2025-05-02
https://git.kernel.org/stable/c/ec28c35029b7930f31117f9284874b63bea4f31b	2025-04-25
https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6	2024-09-12
https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada	2024-09-12
https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db	2024-08-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.181 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.181"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.135 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.10.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.10.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.11"		en		Affected