CVE-2024-35866

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client implementation. Attackers could potentially exploit this to crash the kernel or execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with SMB client functionality are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions that lack the fix commits referenced under Official Fix (check which kernel releases contain these commits)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMB client functionality to be in use. The vulnerability triggers during session teardown in the cifs_dump_full_key() function.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash or arbitrary code execution with kernel privileges, potentially resulting in full system compromise.

🟠 Likely Case: Kernel panic causing system instability or denial of service, requiring system reboot.

🟢 If Mitigated: Limited impact due to exploit complexity and requirement for local access or specific SMB session conditions.

🌐 Internet-Facing: LOW - Requires SMB client functionality and specific session conditions, not typically directly internet-exposed.
🏢 Internal Only: MEDIUM - Internal attackers with access to trigger SMB client operations could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the vulnerable code path during SMB session teardown. Likely requires local access or ability to manipulate SMB sessions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the referenced git commits (10e17ca4000ec34737bde002a13435c38ace2682 and others)

Vendor Advisory: https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution's package manager for kernel updates.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable SMB client functionality (Linux)

Prevent use of the SMB client, which would trigger the vulnerable code path. Consider unloading the cifs module if it is not needed:

sudo modprobe -r cifs

Note: This may break SMB file sharing functionality.

🧯 If You Can't Patch

  • Restrict SMB client usage to trusted networks only
  • Implement strict access controls to prevent unauthorized users from initiating SMB operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with affected versions. Check if cifs module is loaded: lsmod | grep cifs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable versions. Check that cifs module functions normally without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crashes during SMB operations
  • OOM killer activity related to cifs

Network Indicators:

  • Unusual SMB session termination patterns
  • Multiple failed SMB connections

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND "cifs"
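
A kernel fault report spans several log lines, and the module name appears on the symbol lines (`func+0x.../0x... [cifs]`) rather than on the `Oops:` banner, so the query above only matches if the report is ingested as a single event. The following added example (not part of the original advisory or of any vendor tooling) groups each report and flags those with a cifs frame. The KASAN banner, the 40-line window and the sample log are assumptions constructed for illustration.

```python
import re

# Banner that opens a kernel fault report. "Oops" and "panic" are the page's
# terms; the KASAN use-after-free banner is an added assumption (debug kernels).
FAULT_START = re.compile(r"Oops:|Kernel panic|BUG: KASAN: \S*use-after-free")
# The kernel attributes a symbol to its module as "func+0x1f0/0x4a0 [cifs]".
CIFS_FRAME = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[cifs\]")
END_TRACE = "---[ end trace"
WINDOW = 40  # assumed upper bound on lines per report

# Constructed sample input, not taken from a real system.
SAMPLE = """\
[  101.000001] CIFS: Attempting to mount //fileserver/share
[  214.100000] BUG: KASAN: slab-use-after-free in cifs_dump_full_key+0x1f0/0x4a0 [cifs]
[  214.100010] Call Trace:
[  214.100020]  cifs_ioctl+0x2c4/0x9e0 [cifs]
[  214.100030]  __x64_sys_ioctl+0x93/0xd0
[  214.100040] ---[ end trace 0000000000000000 ]---
[  390.500000] Oops: 0000 [#1] PREEMPT SMP
[  390.500010] RIP: 0010:ext4_readdir+0x40/0x900
[  390.500020] ---[ end trace 0000000000000000 ]---
""".splitlines()

def per_line_query(lines):
    """The page's query applied to each line as a separate event."""
    return [l for l in lines
            if re.search(r"panic|oops", l, re.I) and re.search(r"cifs", l, re.I)]

def find_cifs_faults(lines):
    """Group each fault report and keep those whose trace has a [cifs] frame."""
    hits, i = [], 0
    while i < len(lines):
        banner = FAULT_START.search(lines[i])
        if not banner:
            i += 1
            continue
        frames, j, end = [], i, min(len(lines), i + WINDOW)
        while j < end:
            frames += CIFS_FRAME.findall(lines[j])
            j += 1
            if END_TRACE in lines[j - 1]:
                break
        if frames:
            hits.append({"line": i + 1, "banner": banner.group(0),
                         "cifs_frames": sorted(set(frames)),
                         "dump_full_key": "cifs_dump_full_key" in frames})
        i = j
    return hits
```

On the sample, the per-line form of the query matches nothing, while the grouped scan reports the cifs fault and ignores the unrelated ext4 Oops.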
