{
  "threat_severity" : "Moderate",
  "public_date" : "2024-11-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: smb: client: fix possible double free in smb2_set_ea()",
    "id" : "2324423",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2324423"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-415",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix possible double free in smb2_set_ea()\nClang static checker(scan-build) warning：\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n1304 |         kfree(ea);\n|         ^~~~~~~~~\nThere is a double free in such case:\n'ea is initialized to NULL' -> 'first successful memory allocation for\nea' -> 'something failed, goto sea_exit' -> 'first memory release for ea'\n-> 'goto replay_again' -> 'second goto sea_exit before allocate memory\nfor ea' -> 'second memory release for ea resulted in double free'.\nRe-initialie 'ea' to NULL near to the replay_again label, it can fix this\ndouble free problem.", "A doubly freeing memory vulnerability exists in the Linux kernel smb client. After the first successful memory allocation for 'ea', the second memory release for 'ea' will result in double free, leading to loss of availability of the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-50152\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50152\nhttps://lore.kernel.org/linux-cve-announce/2024110745-CVE-2024-50152-535e@gregkh/T" ],
  "name" : "CVE-2024-50152",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}