Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2024-35866

CVE-2024-35866

HIGH7.8

smb: client: fix potential UAF in cifs_dump_full_key()

Published May 19, 2024

Modified 2 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_dump_full_key()

Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

References

WEB

https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682

WEB

https://git.kernel.org/stable/c/3103163ccd3be4adcfa37e15608fb497be044113

WEB

https://git.kernel.org/stable/c/58acd1f497162e7d282077f816faa519487be045

WEB

https://git.kernel.org/stable/c/d798fd98e3563027c5162259ead517057d6fa794

WEB

https://git.kernel.org/stable/c/f4a60d360d9114b5085701a3702a0102b0d6d846

WEB

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-35866

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 19, 2024

ModifiedJan 5, 2026

CVE-2024-35866 | Mondoo Vulnerability Intelligence