CVE-2024-56729

Published: Dic 29, 2024 Last Modified: Ott 01, 2025 EU-VD ID: EUVD-2024-53377
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,7
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

smb: Initialize cfid->tcon before performing network ops

Avoid leaking a tcon ref when a lease break races with opening the
cached directory. Processing the leak break might take a reference to
the tcon in cached_dir_lease_break() and then fail to release the ref in
cached_dir_offload_close, since cfid->tcon is still NULL.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 90 Days)

401

Missing Release of Memory after Effective Lifetime

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance
Applicable Platforms
Languages: C, C++, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.7 (inclusive)
To 6.11.11 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.1 (inclusive)
To 6.6.64 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.12 (inclusive)
To 6.12.2 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.kernel.org/stable/c/1b9ab6b648f89441c8a13cb3fd8…
https://git.kernel.org/stable/c/1b9ab6b648f89441c8a13cb3fd8ca83ffebc5262
https://git.kernel.org/stable/c/4b216c8f9c7d84ef7de33ca60b9…
https://git.kernel.org/stable/c/4b216c8f9c7d84ef7de33ca60b97e08e03ef3292
https://git.kernel.org/stable/c/625e2357c8fcfae6e66dcc667dc…
https://git.kernel.org/stable/c/625e2357c8fcfae6e66dcc667dc656fe390bab15
https://git.kernel.org/stable/c/c353ee4fb119a2582d0e011f66a…
https://git.kernel.org/stable/c/c353ee4fb119a2582d0e011f66a76a38f5cf984d