fkie_cve-2024-41030
Vulnerability from fkie_nvd
Published
2024-07-29 15:15
Modified
2024-11-21 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! pc : __list_add_valid+0x88/0xbc lr : __list_add_valid+0x88/0xbc Call trace: __list_add_valid+0x88/0xbc fuse_finish_open+0x11c/0x170 fuse_open_common+0x284/0x5e8 fuse_dir_open+0x14/0x24 do_dentry_open+0x2a4/0x4e0 dentry_open+0x50/0x80 smb2_open+0xbe4/0x15a4 handle_ksmbd_work+0x478/0x5ec process_one_work+0x1b4/0x448 worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: discard write access to the directory open\n\nmay_open() does not allow a directory to be opened with the write access.\nHowever, some writing flags set by client result in adding write access\non server, making ksmbd incompatible with FUSE file system. Simply, let\u0027s\ndiscard the write access when opening a directory.\n\nlist_add corruption. next is NULL.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:26!\npc : __list_add_valid+0x88/0xbc\nlr : __list_add_valid+0x88/0xbc\nCall trace:\n__list_add_valid+0x88/0xbc\nfuse_finish_open+0x11c/0x170\nfuse_open_common+0x284/0x5e8\nfuse_dir_open+0x14/0x24\ndo_dentry_open+0x2a4/0x4e0\ndentry_open+0x50/0x80\nsmb2_open+0xbe4/0x15a4\nhandle_ksmbd_work+0x478/0x5ec\nprocess_one_work+0x1b4/0x448\nworker_thread+0x25c/0x430\nkthread+0x104/0x1d4\nret_from_fork+0x10/0x20"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ksmbd: descarta el acceso de escritura al directorio abierto may_open() no permite abrir un directorio con acceso de escritura. Sin embargo, algunos indicadores de escritura establecidos por el cliente dan como resultado la adici\u00f3n de acceso de escritura en el servidor, lo que hace que ksmbd sea incompatible con el sistema de archivos FUSE. Simplemente, descartemos el acceso de escritura al abrir un directorio. list_add corrupci\u00f3n. lo siguiente es NULO. ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en lib/list_debug.c:26! pc: __list_add_valid+0x88/0xbc lr: __list_add_valid+0x88/0xbc Rastreo de llamadas: __list_add_valid+0x88/0xbc fuse_finish_open+0x11c/0x170 fuse_open_common+0x284/0x5e8 fuse_dir_open+0x14/0x24 a4/0x4e0 dentry_open+0x50/0x80 smb2_open+0xbe4 /0x15a4 handle_ksmbd_work+0x478/0x5ec process_one_work+0x1b4/0x448 worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20"
    }
  ],
  "id": "CVE-2024-41030",
  "lastModified": "2024-11-21T09:32:06.033",
  "metrics": {},
  "published": "2024-07-29T15:15:11.697",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.