CVE-2024-46742

medium

Description

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context().

References

https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db

https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada

https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6

Details

Source: Mitre, NVD

Published: 2024-09-18

Updated: 2024-09-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium