CVE-2024-35865

5.5 MEDIUM

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's SMB client could allow an attacker to crash the system or potentially execute arbitrary code. This affects Linux systems using the SMB client when processing oplock break notifications. Attackers could exploit this by sending malicious SMB packets to trigger the vulnerability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not specified in CVE, but patches are available in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SMB client functionality enabled and in use. Requires SMB session establishment.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, resulting in complete system compromise.

🟠

Likely Case

Kernel panic causing system crash and denial of service, requiring system reboot to restore functionality.

🟢

If Mitigated

System crash requiring reboot but no data loss or privilege escalation if proper isolation and monitoring are in place.

🌐 Internet-Facing: MEDIUM - Requires SMB access to vulnerable system, but SMB is often blocked at network perimeter.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could exploit this via SMB connections.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send SMB packets to trigger oplock break handling during session teardown.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees via provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after the reboot.

🔧 Temporary Workarounds

Disable SMB client


Prevent use of SMB client functionality if it is not required. Unmount any CIFS/SMB shares first; modprobe -r fails while the module is in use.

# Consider removing SMB/CIFS modules if not needed
# lsmod | grep cifs
# modprobe -r cifs

Network segmentation


Restrict SMB traffic to trusted sources only. Because this is a client-side bug triggered by packets from the SMB server the client is connected to, also limit which servers the client may reach (outbound TCP 445/139), not only inbound connections.

# iptables -A INPUT -p tcp --dport 445 -j DROP
# iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Implement strict network controls to block SMB traffic from untrusted sources
  • Monitor systems for kernel panics or unexpected reboots and investigate SMB-related crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's security advisories. Vulnerable if using unpatched kernel with SMB client enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version from vendor advisory and system remains stable during SMB operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • Unexpected system reboots
  • SMB-related error messages

Network Indicators:

  • Unusual SMB traffic patterns
  • Multiple SMB session establishment/teardown attempts

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND ("smb" OR "cifs" OR "SMB")
