CVE-2024-46796
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's SMB client implementation. When smb2_set_path_size() encounters an -EINVAL error, it incorrectly handles file reference counts, leading to double-free conditions. This affects Linux systems using CIFS/SMB client functionality to access Windows file shares.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential denial of service, or kernel memory corruption that could be leveraged for privilege escalation.
Likely Case
System instability, kernel crashes, or denial of service when accessing SMB shares, particularly during file truncation operations.
If Mitigated
Limited to SMB client operations; systems not using CIFS/SMB client or not accessing affected Windows shares would be unaffected.
🎯 Exploit Status
Exploitation requires triggering specific error conditions in SMB operations. The KASAN splat shows it was discovered during fstests, suggesting it's more likely to cause crashes than be weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 5a72d1edb0843e4c927a4096f81e631031c25c28, 762099898309218b4a7954f3d49e985dc4dfd638, or f9c169b51b6ce20394594ef674d6b10efba31220
Vendor Advisory: https://git.kernel.org/stable/c/5a72d1edb0843e4c927a4096f81e631031c25c28
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable CIFS/SMB client module
Prevent loading of the vulnerable kernel module if SMB functionality is not required
echo 'blacklist cifs' >> /etc/modprobe.d/blacklist.conf
rmmod cifs
Avoid file truncation on SMB shares
Minimize use of truncate operations on mounted SMB shares
🧯 If You Can't Patch
- Restrict SMB share access to trusted Windows servers only
- Monitor systems for kernel panics or crashes related to CIFS operations
🔍 How to Verify
Check if Vulnerable:
Check if CIFS module is loaded: lsmod | grep cifs. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Test SMB file operations, particularly truncate operations.
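An added example (not part of the original advisory) that turns the module check and the blacklist workaround above into a repeatable exposure check. The function names are hypothetical, and it assumes the usual /proc/modules, /proc/mounts and /etc/modprobe.d/*.conf layouts; the demo inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's CIFS client exposure.

# cifs_exposure [MODULES_FILE] [MOUNTS_FILE]
#   in-use:<n>   <n> cifs/smb3 mounts are active; "rmmod cifs" fails until unmounted
#   loaded-idle  module loaded, nothing mounted; it can be unloaded
#   not-loaded   no module and no mounts
# Mounts are checked first because a built-in client never appears in /proc/modules.
cifs_exposure() {
    modules=${1:-/proc/modules}
    mounts=${2:-/proc/mounts}
    n=$(awk '$3 == "cifs" || $3 == "smb3" { c++ } END { print c + 0 }' "$mounts")
    if [ "$n" -gt 0 ]; then
        echo "in-use:$n"
    elif awk '$1 == "cifs" { f = 1 } END { exit !f }' "$modules"; then
        echo "loaded-idle"
    else
        echo "not-loaded"
    fi
}

# cifs_block_mode [MODPROBE_DIR]
#   install-blocked  an "install cifs /bin/false" (or /bin/true) override exists
#   blacklisted      only "blacklist cifs": stops alias autoloading, but
#                    "modprobe cifs" by name still loads the module
#   unblocked        no rule found
cifs_block_mode() {
    dir=${1:-/etc/modprobe.d}
    cat "$dir"/*.conf 2>/dev/null | awk '
        $1 == "install" && $2 == "cifs" && $3 ~ /\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && $2 == "cifs" { bl = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklisted" : "unblocked")) }'
}

# Demo on constructed inputs (sample data, not from a real host).
demo=$(mktemp -d)
printf 'cifs 1200000 2 - Live 0x0000000000000000\n' > "$demo/modules"
printf '//fileserver.example/share /mnt/share cifs rw,vers=3.1.1 0 0\n' > "$demo/mounts"
printf 'blacklist cifs\n' > "$demo/blacklist.conf"
echo "exposure:   $(cifs_exposure "$demo/modules" "$demo/mounts")"
echo "block mode: $(cifs_block_mode "$demo")"
```

Called without arguments, both functions read the live system paths.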
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN use-after-free reports
- CIFS/SMB error messages in dmesg
- System crashes during file operations
Network Indicators:
- Increased SMB error responses from Windows servers
- Abnormal SMB protocol sequences
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "CIFS" OR "smb")
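The query above matches any kernel line that mentions CIFS or smb. As an added example (not from the original advisory), this script narrows the log indicators to KASAN use-after-free reports whose report block contains CIFS client frames. The function names are hypothetical and the sample log is constructed.

```shell
#!/bin/sh
# Added example: list KASAN use-after-free reports that contain CIFS client frames.

# kasan_cifs_reports: reads kernel log text on stdin and prints one headline per
# matching report. A report runs from its "BUG: KASAN:" line to the next
# "=====" separator (or the next report / end of input).
kasan_cifs_reports() {
    awk '
    function emit() { if (inrep && hit) print head; inrep = 0; hit = 0 }
    /BUG: KASAN:/ {
        emit()
        if ($0 ~ /use-after-free/) {
            inrep = 1
            head = $0
            sub(/^.*BUG: KASAN: /, "", head)
        }
        next
    }
    inrep && /==========/ { emit(); next }
    # Frames from a modular client carry "[cifs]"; a built-in client has only
    # the function name. ksmbd (the SMB server) also uses smb2_ names: skip it.
    inrep && /\[cifs\]/ { hit = 1 }
    inrep && / (cifs|smb2)_[a-z0-9_]*\+0x/ && !/\[ksmbd\]/ { hit = 1 }
    END { emit() }'
}

# Constructed sample log (addresses, hosts and most symbols are made up).
sample_log() {
    cat <<'EOF'
[  100.000001] CIFS: Attempting to mount //fileserver.example/share
[  101.000002] CIFS: VFS: \\fileserver.example Send error in SessSetup = -13
[  200.000003] BUG: KASAN: slab-use-after-free in example_timer_fn+0x10/0x80
[  200.000004] Read of size 8 at addr ffff888000000000 by task xfs_io/1234
[  200.000005] Call Trace:
[  200.000006]  smb2_set_path_size+0x1a0/0x2c0 [cifs]
[  200.000007]  example_setattr+0x300/0x900 [cifs]
[  200.000008] ==================================================================
[  300.000009] BUG: KASAN: use-after-free in example_net_rx+0x20/0x90
[  300.000010] Call Trace:
[  300.000011]  example_net_poll+0x44/0x100 [examplenic]
[  300.000012] ==================================================================
EOF
}

sample_log | kasan_cifs_reports
```

On a live host, feed it `dmesg` or `journalctl -k` output instead of the sample.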