VYPR
← All advisories
High severity7.8NVD Advisory· Published May 19, 2024· Updated Apr 21, 2026

CVE-2024-35866

CVE-2024-35866

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_dump_full_key()

Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

Affected products

4
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.13,<5.15.181
    • cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

Patches

5
d798fd98e356
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
f4a60d360d91
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
10e17ca4000e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
3103163ccd3b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
58acd1f49716
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.