CVE-2024-42307
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
17/08/2024
Last modified:
05/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path

Dan Carpenter reported a Smack static checker warning:
fs/smb/client/cifsfs.c:1981 init_cifs()
error: we previously assumed 'serverclose_wq' could be null (see line 1895)

The patch which introduced the serverclose workqueue used the wrong
ordering in error paths in init_cifs() for freeing it on errors.
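
The error-path ordering problem described above, shown as an added example that is not the kernel's code: a user-space C model in which every name (`alloc_wq`, `destroy_wq`, `init_misordered`, `init_ordered`, `null_uses`) is hypothetical, and a NULL handed to the destroy routine is counted instead of being dereferenced. It contrasts unwind labels that are out of order with labels that release resources in reverse order of setup.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; every name is hypothetical, not taken from cifsfs.c. */
struct wq { int id; };
static int null_destroys;   /* times destroy_wq() was handed NULL */
static struct wq *alloc_wq(int id, int fail_at) {
    return id == fail_at ? NULL : calloc(1, sizeof(struct wq)); /* NULL = failed alloc */
}
static void destroy_wq(struct wq *w) {
    if (!w) null_destroys++;   /* counted here instead of being dereferenced */
    free(w);
}

/* Misordered unwinding: a failure allocating b lands on the label that frees b. */
int init_misordered(int fail_at) {
    struct wq *a, *b;
    if (!(a = alloc_wq(1, fail_at))) return -1;
    if (!(b = alloc_wq(2, fail_at))) goto out_b;   /* b is NULL here */
    if (fail_at == 3) goto out_b;                  /* a later init step fails */
    return 0;
out_b:
    destroy_wq(b);
    destroy_wq(a);
    return -1;
}

/* Reverse-order unwinding: each failure frees only what was already set up. */
int init_ordered(int fail_at) {
    struct wq *a, *b;
    if (!(a = alloc_wq(1, fail_at))) return -1;
    if (!(b = alloc_wq(2, fail_at))) goto out_a;   /* nothing of b to free yet */
    if (fail_at == 3) goto out_b;
    return 0;
out_b:
    destroy_wq(b);
out_a:
    destroy_wq(a);
    return -1;
}

/* Run one init variant with an injected failure; return its NULL destroy count. */
int null_uses(int (*init)(int), int fail_at) {
    null_destroys = 0;
    init(fail_at);
    return null_destroys;
}
int main(void) {
    printf("misordered=%d ordered=%d\n", null_uses(init_misordered, 2), null_uses(init_ordered, 2));
    return 0;
}
```

Injecting the failure at step 2 is the only case that separates the two variants, which is why this class of defect tends to surface through static checkers rather than normal testing.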
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.85 (including) | 6.1.103 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.26 (including) | 6.6.44 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8.5 (including) | 6.10.3 (excluding) |