CVE-2024-50047 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2024-50047?

CVE-2024-50047 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client when performing asynchronous decryption of large files. The vulnerability allows attackers to potentially crash the kernel or execute arbitrary code by exploiting parallel use of cryptographic transformation objects. Systems using CIFS/SMB mounts with encryption enabled are affected.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client when performing asynchronous decryption of large files. The vulnerability allows attackers to potentially crash the kernel or execute arbitrary code by exploiting parallel use of cryptographic transformation objects. Systems using CIFS/SMB mounts with encryption enabled are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before fixes in stable trees (specific commits listed in references)

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using CIFS/SMB mounts with encryption enabled (seal option). The reproducer uses 'mount.cifs -o ...,seal,esize=1'.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel crash leading to denial of service or potential arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠

Likely Case

Kernel panic or system crash when accessing large encrypted files via CIFS/SMB mounts, causing denial of service.

🟢

If Mitigated

No impact if systems are patched or don't use CIFS/SMB mounts with encryption enabled.

🌐 Internet-Facing: LOW - Requires access to SMB shares, typically not exposed directly to internet.

🏢 Internal Only: MEDIUM - Internal attackers with access to SMB shares could exploit this to crash systems or potentially gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires access to mount encrypted SMB shares and ability to trigger large file reads. The vulnerability is in kernel-space code, making exploitation more complex than user-space vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 0809fb86ad13b29e1d6d491364fc7ea4fb545995, 538c26d9bf70c90edc460d18c81008a4e555925a, 8f14a476abba13144df5434871a7225fd29af633, b0abcd65ec545701b8793e12bc27dc98042b151a, bce966530fd5542bbb422cb45ecb775f7a1a6bc3

Vendor Advisory: https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SMB encryption

linux

Avoid using the 'seal' option when mounting CIFS/SMB shares to prevent triggering the vulnerable code path.

mount.cifs //server/share /mnt -o username=user,password=pass # Without 'seal' option

Avoid large file reads

linux

Limit access to large files on encrypted SMB mounts to reduce risk of triggering the async decryption path.

🧯 If You Can't Patch

Disable CIFS/SMB mounts with encryption enabled
Implement network segmentation to limit access to SMB shares

🔍 How to Verify

Check if Vulnerable:

Check if using CIFS/SMB mounts with 'seal' option and kernel version is unpatched. Run: mount | grep cifs and check for 'seal' in options.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits. Check with: uname -r and compare with distribution's patched kernel versions.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages mentioning 'slab-use-after-free', 'gf128mul_4k_lle', 'smb2_decrypt_offload', or 'crypt_message' in kernel logs

Network Indicators:

Large file transfers over encrypted SMB connections followed by system instability

SIEM Query:

source="kernel" AND ("slab-use-after-free" OR "gf128mul_4k_lle" OR "smb2_decrypt_offload")

📊 Metadata

CVE ID: CVE-2024-50047

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: October 21, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50047, you might also want to check these: