CVE-2024-58087
Published: 12 March 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Security Summary
CVE-2024-58087 is a race condition vulnerability in the ksmbd (Kernel SMB Daemon) component of the Linux kernel. The flaw stems from a race between session lookup and session expiration: the session reference count is not incremented within the lock during lookup, potentially leading to improper handling of SMB sessions. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-667 (Improper Locking). The vulnerability was published on 2025-03-12.
A remote network-based attacker requires no privileges or user interaction but must overcome high attack complexity to exploit it. Successful exploitation could result in high confidentiality, integrity, and availability impacts, potentially allowing unauthorized access to or disruption of SMB sessions managed by ksmbd.
Mitigation involves applying kernel patches that increment the session reference count within the lock during lookup to prevent the race. Relevant stable kernel commits include: https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b, https://git.kernel.org/stable/c/37a0e2b362b3150317fb6e2139de67b1e29ae5ff, https://git.kernel.org/stable/c/450a844c045ff0895d41b05a1cbe8febd1acfcfd, https://git.kernel.org/stable/c/a39e31e22a535d47b14656a7d6a893c7f6cf758c, and https://git.kernel.org/stable/c/b95629435b84b9ecc0c765995204a4d8a913ed52.
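The lookup/expiration race and the fix described above, as an added userspace model in C. It is not ksmbd source: the table, the pthread mutex and every name in it are assumptions made for illustration, and the reference count is simplified to a plain int guarded by the table lock.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

#define SLOTS 8
struct session { uint64_t id; int refcnt; };      /* refcnt guarded by table_lock */
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
static struct session *table[SLOTS];
static int freed_count;                           /* lets a caller observe frees */

static struct session *find_locked(uint64_t id)   /* caller holds table_lock */
{
    struct session *s = table[id % SLOTS];
    return (s && s->id == id) ? s : NULL;
}
static void put_locked(struct session *s)         /* caller holds table_lock */
{
    if (--s->refcnt == 0) { free(s); freed_count++; }
}
struct session *session_create(uint64_t id)
{
    struct session *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    s->id = id; s->refcnt = 1;                    /* reference owned by the table */
    pthread_mutex_lock(&table_lock);
    if (table[id % SLOTS]) { free(s); s = NULL; } /* slot taken: reject */
    else table[id % SLOTS] = s;
    pthread_mutex_unlock(&table_lock);
    return s;
}
/* Racy pattern (shown for contrast): the pointer leaves the lock with no
 * reference held, so an expiry that runs after the unlock can free it. */
struct session *lookup_racy(uint64_t id)
{
    pthread_mutex_lock(&table_lock);
    struct session *s = find_locked(id);
    pthread_mutex_unlock(&table_lock);
    if (s) s->refcnt++;                           /* too late: s may be freed */
    return s;
}
/* Fixed pattern: take the reference while the lock still pins the entry. */
struct session *lookup_get(uint64_t id)
{
    pthread_mutex_lock(&table_lock);
    struct session *s = find_locked(id);
    if (s) s->refcnt++;
    pthread_mutex_unlock(&table_lock);
    return s;
}
void session_put(struct session *s)
{ pthread_mutex_lock(&table_lock); put_locked(s); pthread_mutex_unlock(&table_lock); }
```

With `lookup_get`, an expiry path that unlinks the entry and drops the table's reference under the same lock cannot free a session a caller has already looked up; the memory is released only on that caller's `session_put`.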
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The race condition vulnerability in the ksmbd SMB daemon directly enables remote exploitation of the service over the network, mapping to Exploitation of Remote Services.