CVE-2024-58087

ksmbd: fix racy issue from session lookup and expire

Published: 3/12/2025 Last updated: 5/4/2025 Reserved: 3/6/2025

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	< 9114ba9987506bcfbb454f6e68558d68cb1abbde
Linux	Linux	< 10.0.17763.4737

References (6)

https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b
https://git.kernel.org/stable/c/37a0e2b362b3150317fb6e2139de67b1e29ae5ff
https://git.kernel.org/stable/c/450a844c045ff0895d41b05a1cbe8febd1acfcfd
https://git.kernel.org/stable/c/a39e31e22a535d47b14656a7d6a893c7f6cf758c
https://git.kernel.org/stable/c/b95629435b84b9ecc0c765995204a4d8a913ed52
https://www.zerodayinitiative.com/advisories/ZDI-25-100/