CVE-2024-35861 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2024-35861?

CVE-2024-35861 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client implementation. Attackers could potentially exploit this to crash the kernel or execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with SMB client functionality are affected.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client implementation. Attackers could potentially exploit this to crash the kernel or execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with SMB client functionality are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable kernel versions not explicitly stated in CVE description; check git commits for exact ranges

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using the SMB client functionality (cifs/smb client module). Systems only acting as SMB servers are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠

Likely Case

Kernel panic causing system instability or denial of service, requiring system reboot.

🟢

If Mitigated

System remains stable with no impact if the vulnerable code path isn't triggered during session teardown.

🌐 Internet-Facing: LOW - Requires SMB client connections to be established, which is less common for internet-facing systems.

🏢 Internal Only: MEDIUM - Internal systems using SMB client connections to access file shares could be vulnerable to internal attackers.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH - Requires specific timing during SMB session teardown and kernel memory manipulation.

Exploitation requires triggering the vulnerable code path during SMB session cleanup, which may be difficult to achieve reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel versions from provided git commit references

Vendor Advisory: https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SMB client module

linux

Prevent loading of the vulnerable cifs/smb client kernel module

echo 'blacklist cifs' >> /etc/modprobe.d/blacklist.conf
rmmod cifs

Restrict SMB client usage

linux

Prevent systems from initiating SMB client connections

🧯 If You Can't Patch

Isolate systems from untrusted SMB servers
Implement strict network segmentation for SMB traffic

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions from git commits. Check if cifs module is loaded: lsmod | grep cifs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version. Confirm cifs module version if possible.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Oops messages in dmesg
System crashes during SMB operations

Network Indicators:

Unusual SMB client connection patterns
Multiple failed SMB session establishments

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND ("cifs" OR "SMB")

📊 Metadata

CVE ID: CVE-2024-35861

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 19, 2024

Last Updated: December 30, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35861, you might also want to check these: