CVE-2024-42307

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
17/08/2024
Last modified:
05/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path<br /> <br /> Dan Carpenter reported a Smack static checker warning:<br /> fs/smb/client/cifsfs.c:1981 init_cifs()<br /> error: we previously assumed &amp;#39;serverclose_wq&amp;#39; could be null (see line 1895)<br /> <br /> The patch which introduced the serverclose workqueue used the wrong<br /> oredering in error paths in init_cifs() for freeing it on errors.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.85 (including) 6.1.103 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.26 (including) 6.6.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8.5 (including) 6.10.3 (excluding)