Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(ea); | ^~~~~~~~~ There is a double free in such case: 'ea is initialized to NULL' -> 'first successful memory allocation for ea' -> 'something failed, goto sea_exit' -> 'first memory release for ea' -> 'goto replay_again' -> 'second goto sea_exit before allocate memory for ea' -> 'second memory release for ea resulted in double free'. Re-initialie 'ea' to NULL near to the replay_again label, it can fix this double free problem.

INFO

Published Date :

2024-11-07T09:31:28.733Z

Last Modified :

2025-05-04T09:47:22.979Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50152 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50152.

URL Resource
https://git.kernel.org/stable/c/19ebc1e6cab334a8193398d4152deb76019b5d34 cve-icon cve-icon
https://git.kernel.org/stable/c/b1813c220b76f60b1727984794377c4aa849d4c1 cve-icon cve-icon
https://git.kernel.org/stable/c/c9f758ecf2562dfdd4adf12c22921b5de8366123 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024110745-CVE-2024-50152-535e@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-50152 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-50152 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact