CVE-2024-50120
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50120 is a vulnerability in the Linux kernel's SMB (Server Message Block) client. The function smb3_reconfigure() did not check for memory allocation errors when duplicating password strings with kstrdup(). If the allocation for ses->password or ses->password2 fails, the function continues execution with an invalid pointer, potentially leading to memory corruption or denial of service. The fix makes the function return -ENOMEM in such cases, freeing the previous password string and setting it to NULL before returning.
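The unchecked-duplication pattern described above, next to the checked form, as an added userspace illustration (not the kernel's code). The struct session type, dup_or_fail(), fail_after and both reconfigure_* functions are hypothetical names, with malloc() standing in for kstrdup().

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct session { char *password; char *password2; }; /* hypothetical model */
static int fail_after = -1; /* fault injection: 0 fails the next allocation */

/* Stand-in for kstrdup(): returns NULL when the allocation fails. */
static char *dup_or_fail(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = (fail_after == 0) ? NULL : malloc(n);
    if (fail_after >= 0) fail_after--;
    return p ? memcpy(p, s, n) : NULL;
}

/* Pre-fix pattern: the duplication results are never checked. */
int reconfigure_unchecked(struct session *ses, const char *pw, const char *pw2)
{
    free(ses->password);
    free(ses->password2);
    ses->password = dup_or_fail(pw);
    ses->password2 = dup_or_fail(pw2);
    return 0; /* reports success even when a pointer is NULL */
}

/* Post-fix pattern: fail with -ENOMEM and leave no half-updated state. */
int reconfigure_checked(struct session *ses, const char *pw, const char *pw2)
{
    free(ses->password);
    free(ses->password2);
    ses->password2 = NULL;
    ses->password = dup_or_fail(pw);
    if (!ses->password) return -ENOMEM;
    ses->password2 = dup_or_fail(pw2);
    if (!ses->password2) {
        free(ses->password); /* drop the first string as well */
        ses->password = NULL;
        return -ENOMEM;
    }
    return 0;
}

int main(void)
{
    struct session s = {0};
    fail_after = 1; /* make the password2 duplication fail */
    return reconfigure_checked(&s, "pw", "pw2") == -ENOMEM ? 0 : 1;
}
```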
Affected Products
- Linux Kernel
Affected Vendors
- LINUX