We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-44992

smb/client: avoid possible NULL dereference in cifs_free_subrequest()



AssignerLinux
Reserved2024-08-21
Published2024-09-04
Updated2024-09-04

Description

In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") adds a check for 'rdata->server', and let clang throw this warning about NULL dereference. When 'rdata->credits.value != 0 && rdata->server == NULL' happens, add_credits_and_wake_if() will call rdata->server->ops->add_credits(). This will cause NULL dereference problem. Add a check for 'rdata->server' to avoid NULL dereference.

Product status

Default status
0x4000146760

69c3c023af25 before fead60a6d5f8
affected

69c3c023af25 before 74c2ab6d653b
affected

Default status
0x4000146940

6.10
affected

Any version before 6.10
unaffected

6.10.7
unaffected

6.11-rc4
unaffected

References

https://git.kernel.org/stable/c/fead60a6d5f84b472b928502a42c419253afe6c1

https://git.kernel.org/stable/c/74c2ab6d653b4c2354df65a7f7f2df1925a40a51

cve.org CVE-2024-44992

nvd.nist.gov CVE-2024-44992

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-44992
Subscribe to our newsletter to learn more about our work.