CVE-2024-46795

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's ksmbd SMB server module allows attackers to cause a kernel panic (denial of service) when reusing connections with binding sessions. This affects Linux systems running ksmbd with SMB3 encryption enabled. The vulnerability can be triggered remotely by authenticated users.

💻 Affected Systems

Products:
  • Linux kernel with ksmbd module
Versions: Linux kernel versions with vulnerable ksmbd code (specific commit ranges in references)
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when ksmbd module is loaded and SMB3 encryption is used. Many distributions don't enable ksmbd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote kernel panic leading to system crash and denial of service, potentially disrupting SMB file sharing services.

🟠 Likely Case

Denial of service affecting SMB services when attackers trigger the condition through connection reuse.

🟢 If Mitigated

No impact if patched or if ksmbd is not in use.

🌐 Internet-Facing: MEDIUM - Requires SMB service exposure and authentication, but could disrupt services.
🏢 Internal Only: MEDIUM - Internal attackers could disrupt SMB file sharing services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated SMB session and ability to trigger connection reuse with binding sessions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel containing commit 41bc256da7e47b679df87c7fc7a5b393052b9cce or later

Vendor Advisory: https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify that the ksmbd module loads correctly.

🔧 Temporary Workarounds

Disable ksmbd module

linux

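Unload the ksmbd module if it is not required for SMB file sharing, and blacklist it so it is not loaded again automatically. Note that a blacklist entry only prevents automatic loading; the module can still be loaded explicitly by name.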

sudo rmmod ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

Disable SMB3 encryption

linux

Configure ksmbd to not use SMB3 encryption if possible

# Configure ksmbd.conf to disable encryption (check ksmbd documentation for specific parameters)

🧯 If You Can't Patch

  • Restrict SMB access to trusted networks only using firewall rules
  • Monitor for kernel panic logs and connection reuse patterns

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd. Check kernel version against patched commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and test SMB connection reuse scenarios.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning 'NULL pointer dereference' in ksmbd context
  • ksmbd error logs about session setup failures

Network Indicators:

  • Multiple SMB session setup requests on same connection
  • SMB service disruption patterns

SIEM Query:

(source="kernel" AND "NULL pointer dereference" AND "ksmbd") OR (source="ksmbd" AND "session setup" AND error)
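
One way to apply the kernel-log indicator above on a host without a SIEM, as an added example that is not part of the original advisory: it counts NULL pointer dereference oops blocks that have a stack frame inside ksmbd. The sample log lines, including the names placeholder_fn, placeholder_caller and placeholder_mod, are constructed.

```shell
#!/bin/sh
# Count kernel oops blocks that are NULL pointer dereferences AND have a
# RIP/call-trace frame inside ksmbd. Reads kernel log text on stdin,
# e.g.  journalctl -k -b -1 | ksmbd_null_oops_count
ksmbd_null_oops_count() {
    awk '
        # Oops header; the wording differs between kernel versions.
        /BUG: (unable to handle )?kernel NULL pointer dereference/ {
            in_oops = 1; hit = 0; next
        }
        # Frames in a module end in "[module]". Matching bare "ksmbd" would
        # also hit "Modules linked in:", present in every oops on such a host.
        in_oops && /\[ksmbd\]/ { hit = 1 }
        # Close the block at the end-of-trace marker.
        in_oops && /---\[ end trace/ { count += hit; in_oops = 0 }
        # A log cut off by the crash may lack the marker.
        END { if (in_oops) count += hit; print count + 0 }
    '
}

# Constructed sample: oops with frames in ksmbd (function names are placeholders).
sample_ksmbd_oops() {
cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] Modules linked in: ksmbd(E) placeholder_mod(E)
[  101.000003] RIP: 0010:placeholder_fn+0x1a/0x40 [ksmbd]
[  101.000004] Call Trace:
[  101.000005]  placeholder_caller+0x2b/0x90 [ksmbd]
[  101.000006] ---[ end trace 0000000000000000 ]---
EOF
}

# Constructed sample: ksmbd is loaded, but the fault is in another module.
sample_other_oops() {
cat <<'EOF'
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  202.000002] Modules linked in: ksmbd(E) placeholder_mod(E)
[  202.000003] RIP: 0010:placeholder_fn+0x10/0x30 [placeholder_mod]
[  202.000004] ---[ end trace 0000000000000000 ]---
EOF
}

{ sample_ksmbd_oops; sample_other_oops; } | ksmbd_null_oops_count
```

A non-zero count on an unpatched host running ksmbd is a reason to check for the session-binding pattern listed under Network Indicators.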

🔗 References
