Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2024-46742 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-46742

CVE-2024-46742

MEDIUM5.5

smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()

Published Sep 18, 2024

Modified 4 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()

null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL.

Fix this by check if 'lease_ctx_info' is NULL.

Additionally, remove the redundant parentheses in parse_durable_handle_context().

References

WEB

https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6

WEB

https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada

WEB

https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db

WEB

https://git.kernel.org/stable/c/878f32878351104448b86ef5b85d1f8ed6f599fb

WEB

https://git.kernel.org/stable/c/ec28c35029b7930f31117f9284874b63bea4f31b

WEB

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-46742

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedSep 18, 2024

ModifiedNov 3, 2025