CVE-2024-46795 (GCVE-0-2024-46795)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-05-11 20:36
VLAI
Title
ksmbd: unset the binding mark of a reused connection
Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 9914f1bd61d5e838bb1ab15a71076d37a6db65d1 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 41bc256da7e47b679df87c7fc7a5b393052b9cce (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 4c8496f44f5bb5c06cdef5eb130ab259643392a1 (git)
Affected: f5a544e3bab78142207e0242d22442db85ba1eff , < 78c5a6f1f630172b19af4912e755e1da93ef0ab5 (git)
Create a notification for this product.
Linux Linux Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:22:54.579301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:23:07.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:37.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9914f1bd61d5e838bb1ab15a71076d37a6db65d1",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "41bc256da7e47b679df87c7fc7a5b393052b9cce",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "4c8496f44f5bb5c06cdef5eb130ab259643392a1",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            },
            {
              "lessThan": "78c5a6f1f630172b19af4912e755e1da93ef0ab5",
              "status": "affected",
              "version": "f5a544e3bab78142207e0242d22442db85ba1eff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn-\u003ebinding can\nstill remain true and generate_preauth_hash() will not set\nsess-\u003ePreauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. -\u003ePreauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n\u003cTASK\u003e\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n\u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:36:41.419Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02"
        },
        {
          "url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5"
        }
      ],
      "title": "ksmbd: unset the binding mark of a reused connection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46795",
    "datePublished": "2024-09-18T07:12:50.259Z",
    "dateReserved": "2024-09-11T15:12:18.279Z",
    "dateUpdated": "2026-05-11T20:36:41.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-46795",
      "date": "2026-06-21",
      "epss": "0.00275",
      "percentile": "0.19065"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46795\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-18T08:15:06.280\",\"lastModified\":\"2025-11-03T23:16:02.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nksmbd: unset the binding mark of a reused connection\\n\\nSteve French reported null pointer dereference error from sha256 lib.\\ncifs.ko can send session setup requests on reused connection.\\nIf reused connection is used for binding session, conn-\u003ebinding can\\nstill remain true and generate_preauth_hash() will not set\\nsess-\u003ePreauth_HashValue and it will be NULL.\\nIt is used as a material to create an encryption key in\\nksmbd_gen_smb311_encryptionkey. -\u003ePreauth_HashValue cause null pointer\\ndereference error from crypto_shash_update().\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000000\\n#PF: supervisor read access in kernel mode\\n#PF: error_code(0x0000) - not-present page\\nPGD 0 P4D 0\\nOops: 0000 [#1] PREEMPT SMP PTI\\nCPU: 8 PID: 429254 Comm: kworker/8:39\\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\\n\u003cTASK\u003e\\n? show_regs+0x6d/0x80\\n? __die+0x24/0x80\\n? page_fault_oops+0x99/0x1b0\\n? do_user_addr_fault+0x2ee/0x6b0\\n? exc_page_fault+0x83/0x1b0\\n? asm_exc_page_fault+0x27/0x30\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n_sha256_update+0x77/0xa0 [sha256_ssse3]\\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\\ncrypto_shash_update+0x1e/0x40\\nhmac_update+0x12/0x20\\ncrypto_shash_update+0x1e/0x40\\ngenerate_key+0x234/0x380 [ksmbd]\\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\\n__process_request+0xa3/0x1d0 [ksmbd]\\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\\nprocess_one_work+0x16c/0x350\\nworker_thread+0x306/0x440\\n? __pfx_worker_thread+0x10/0x10\\nkthread+0xef/0x120\\n? __pfx_kthread+0x10/0x10\\nret_from_fork+0x44/0x70\\n? __pfx_kthread+0x10/0x10\\nret_from_fork_asm+0x1b/0x30\\n\u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: anular la marca de enlace de una conexi\u00f3n reutilizada Steve French inform\u00f3 de un error de desreferencia de puntero nulo de la librer\u00eda sha256. cifs.ko puede enviar solicitudes de configuraci\u00f3n de sesi\u00f3n en una conexi\u00f3n reutilizada. Si se utiliza una conexi\u00f3n reutilizada para vincular la sesi\u00f3n, conn-\u0026gt;binding puede seguir siendo verdadero y generate_preauth_hash() no establecer\u00e1 sess-\u0026gt;Preauth_HashValue y ser\u00e1 NULL. Se utiliza como material para crear una clave de cifrado en ksmbd_gen_smb311_encryptionkey. -\u0026gt;Preauth_HashValue provoca un error de desreferencia de puntero nulo de crypto_shash_update(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Nombre del hardware: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Cola de trabajo: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]  ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? error_p\u00e1gina_oops+0x99/0x1b0 ? error_direcci\u00f3n_usuario+0x2ee/0x6b0 ? error_p\u00e1gina_exc+0x83/0x1b0 ? error_p\u00e1gina_exc+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generar_clave+0x234/0x380 [ksmbd] generar_clave_de_cifrado_smb3+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_clave_de_cifrado+0x72/0xa0 [ksmbd] __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_de_fork_asm+0x1b/0x30 \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15\",\"versionEndExcluding\":\"5.15.167\",\"matchCriteriaId\":\"EA943118-D4CB-4C23-A051-06993A503CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.110\",\"matchCriteriaId\":\"6B1A95FC-7E7E-428B-BB59-F76640C652AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.51\",\"matchCriteriaId\":\"E4529134-BAC4-4776-840B-304009E181A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.10\",\"matchCriteriaId\":\"ACDEE48C-137A-4731-90D0-A675865E1BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:18:37.201Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T14:22:54.579301Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T14:22:56.121Z\"}}], \"cna\": {\"title\": \"ksmbd: unset the binding mark of a reused connection\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"f5a544e3bab78142207e0242d22442db85ba1eff\", \"lessThan\": \"9914f1bd61d5e838bb1ab15a71076d37a6db65d1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f5a544e3bab78142207e0242d22442db85ba1eff\", \"lessThan\": \"93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f5a544e3bab78142207e0242d22442db85ba1eff\", \"lessThan\": \"41bc256da7e47b679df87c7fc7a5b393052b9cce\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f5a544e3bab78142207e0242d22442db85ba1eff\", \"lessThan\": \"4c8496f44f5bb5c06cdef5eb130ab259643392a1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f5a544e3bab78142207e0242d22442db85ba1eff\", \"lessThan\": \"78c5a6f1f630172b19af4912e755e1da93ef0ab5\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/smb/server/smb2pdu.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.15\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.15\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.167\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.110\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.51\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/smb/server/smb2pdu.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1\"}, {\"url\": \"https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02\"}, {\"url\": \"https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce\"}, {\"url\": \"https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1\"}, {\"url\": \"https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nksmbd: unset the binding mark of a reused connection\\n\\nSteve French reported null pointer dereference error from sha256 lib.\\ncifs.ko can send session setup requests on reused connection.\\nIf reused connection is used for binding session, conn-\u003ebinding can\\nstill remain true and generate_preauth_hash() will not set\\nsess-\u003ePreauth_HashValue and it will be NULL.\\nIt is used as a material to create an encryption key in\\nksmbd_gen_smb311_encryptionkey. -\u003ePreauth_HashValue cause null pointer\\ndereference error from crypto_shash_update().\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000000\\n#PF: supervisor read access in kernel mode\\n#PF: error_code(0x0000) - not-present page\\nPGD 0 P4D 0\\nOops: 0000 [#1] PREEMPT SMP PTI\\nCPU: 8 PID: 429254 Comm: kworker/8:39\\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\\n\u003cTASK\u003e\\n? show_regs+0x6d/0x80\\n? __die+0x24/0x80\\n? page_fault_oops+0x99/0x1b0\\n? do_user_addr_fault+0x2ee/0x6b0\\n? exc_page_fault+0x83/0x1b0\\n? asm_exc_page_fault+0x27/0x30\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\\n_sha256_update+0x77/0xa0 [sha256_ssse3]\\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\\ncrypto_shash_update+0x1e/0x40\\nhmac_update+0x12/0x20\\ncrypto_shash_update+0x1e/0x40\\ngenerate_key+0x234/0x380 [ksmbd]\\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\\n__process_request+0xa3/0x1d0 [ksmbd]\\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\\nprocess_one_work+0x16c/0x350\\nworker_thread+0x306/0x440\\n? __pfx_worker_thread+0x10/0x10\\nkthread+0xef/0x120\\n? __pfx_kthread+0x10/0x10\\nret_from_fork+0x44/0x70\\n? __pfx_kthread+0x10/0x10\\nret_from_fork_asm+0x1b/0x30\\n\u003c/TASK\u003e\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.167\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.110\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.51\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.10\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"5.15\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:36:41.419Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T20:36:41.419Z\", \"dateReserved\": \"2024-09-11T15:12:18.279Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-18T07:12:50.259Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.