CVE-2024-50152
📋 TL;DR
This CVE describes a double-free memory corruption vulnerability in the Linux kernel's SMB client implementation. An attacker could potentially cause a kernel panic or achieve local privilege escalation by triggering this bug. Systems using affected Linux kernel versions with SMB client functionality are at risk.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise or kernel panic causing denial of service.
Likely Case
Kernel panic resulting in system crash and denial of service.
If Mitigated
No impact if kernel is patched or SMB client functionality is disabled.
🎯 Exploit Status
Requires local access and ability to trigger the SMB client's set_ea functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 19ebc1e6cab334a8193398d4152deb76019b5d34, b1813c220b76f60b1727984794377c4aa849d4c1, or c9f758ecf2562dfdd4adf12c22921b5de8366123
Vendor Advisory: https://git.kernel.org/stable/c/19ebc1e6cab334a8193398d4152deb76019b5d34
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable SMB client functionality
linuxPrevent exploitation by disabling SMB client features if not required.
# Consider removing SMB/CIFS client modules if not needed
# Check with: lsmod | grep cifs
# Remove with: rmmod cifs
🧯 If You Can't Patch
- Restrict local user access to minimize attack surface
- Implement strict access controls and monitoring for SMB client usage
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from kernel git commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version containing the fix commits.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash/reboot events
- SMB client error messages
Network Indicators:
- Unusual SMB client activity patterns
SIEM Query:
Search for kernel panic events or system crashes following SMB client operations