Cyber Posture

CVE-2024-57925

Severity: High

Published: 19 January 2025
Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0005 (15.4th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix a missing return value check bug

In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it.

To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access.

Security Summary

CVE-2024-57925 is a NULL pointer dereference vulnerability (CWE-476) in the Linux kernel's ksmbd module, which implements the SMB server protocol. The issue occurs in the smb2_send_interim_resp() function, where a failure of ksmbd_alloc_work_struct() to allocate a work structure results in a NULL pointer being assigned to in_work. Because this return value is never checked, the subsequent allocate_interim_rsp_buf() call performs a kzalloc() and stores the result in in_work->response_buf, writing through the NULL pointer. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by triggering the smb2_send_interim_resp() path under conditions where memory allocation fails, such as in low-memory scenarios. Successful exploitation leads to high integrity and availability impacts, potentially resulting in kernel crashes, denial of service, or memory corruption, though confidentiality is not affected.

Mitigation requires applying the relevant upstream kernel patches, as detailed in the stable kernel commit references: 271ae0edbfc942795c162e6cf20d2bc02bd7fde4, 2976e91a3e569cf2c92c9f71512c0ab1312fe965, 4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c, 781c743e18bfd9b7dc0383f036ae952bd1486f21, and ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce. These commits add a return value check for ksmbd_alloc_work_struct() to ensure the function exits early on allocation failure, preventing the illegal memory access.
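The description and security summary above both describe the same defect shape: an allocator's result is passed straight into a routine that writes through it. The following user-space model, added here as an illustration and not taken from ksmbd or the referenced commits, shows the pre-fix and post-fix forms side by side. The names work_item, alloc_work_struct(), allocate_interim_rsp_buf() and the simulate_oom switch are hypothetical stand-ins for the kernel functions named in the CVE text; the OOM flag stands in for kmalloc failing under memory pressure.

```c
/* Added example (not ksmbd code): a user-space model of the allocation path
 * described in CVE-2024-57925. Names are hypothetical stand-ins for the kernel's
 * ksmbd_alloc_work_struct() / allocate_interim_rsp_buf() pair. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical work item; the real struct is larger, but the field the CVE
 * text names (response_buf) is all this model needs. */
struct work_item {
    void  *response_buf;
    size_t response_len;
};

/* Stand-in allocator. simulate_oom = true models kmalloc failing under memory
 * pressure: the allocator returns NULL instead of a work item. */
static struct work_item *alloc_work_struct(bool simulate_oom)
{
    if (simulate_oom)
        return NULL;
    return calloc(1, sizeof(struct work_item));
}

/* Allocates the response buffer inside the work item. It writes through `w`,
 * so a NULL work item here is a NULL pointer dereference (CWE-476). */
static int allocate_interim_rsp_buf(struct work_item *w, size_t len)
{
    w->response_buf = calloc(1, len);
    if (!w->response_buf)
        return -ENOMEM;
    w->response_len = len;
    return 0;
}

static void free_work_struct(struct work_item *w)
{
    if (!w)
        return;
    free(w->response_buf);
    free(w);
}

/* Pre-fix shape: the allocator's result is used without being checked. With
 * simulate_oom = true this writes to NULL->response_buf and crashes; it is
 * kept only to show the defect and is never called that way below. */
int send_interim_resp_vulnerable(bool simulate_oom, size_t len)
{
    struct work_item *in_work = alloc_work_struct(simulate_oom);
    int rc = allocate_interim_rsp_buf(in_work, len); /* in_work may be NULL */
    free_work_struct(in_work);
    return rc;
}

/* Post-fix shape: check the allocation and return immediately on failure,
 * which is what the referenced stable commits add. */
int send_interim_resp_fixed(bool simulate_oom, size_t len)
{
    struct work_item *in_work = alloc_work_struct(simulate_oom);
    if (!in_work)
        return -ENOMEM;            /* early return: nothing is dereferenced */
    int rc = allocate_interim_rsp_buf(in_work, len);
    free_work_struct(in_work);
    return rc;
}

int main(void)
{
    printf("fixed, normal allocation : %d\n", send_interim_resp_fixed(false, 64));
    printf("fixed, simulated OOM     : %d (expected -ENOMEM = %d)\n",
           send_interim_resp_fixed(true, 64), -ENOMEM);
    printf("vulnerable, normal alloc : %d\n", send_interim_resp_vulnerable(false, 64));
    /* send_interim_resp_vulnerable(true, 64) would dereference NULL. */
    return 0;
}
```

The point of the model is the one-line difference between the two send functions: the fixed variant turns an allocation failure into an ordinary error return (-ENOMEM) instead of a write through a NULL pointer. Fault-injection of this kind (forcing the allocator to fail) is also how the missing check can be caught in testing before it reaches a low-memory production host.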

Details

CWE(s)
CWE-476

Affected Products

linux
linux kernel
6.13 · 5.15.145 — 5.16 · 6.1.71 — 6.1.125 · 6.6 — 6.6.72

References