CVE-2024-46736

If smb2setpathattr() is called with a valid @cfile and returned -EINVAL, we need to call cifsgetwritablepath() again as the reference of @cfile was already dropped by previous smb2compoundop() call.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1e60bc0e954389af82f1d9a85f13a63f6572350f

Fixed

b27ea9c96efd2c252a981fb00d0f001b86c90f3e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

71f15c90e785d1de4bcd65a279e7256684c25c0d

Fixed

1a46c7f6546b73cbf36f5a618a1a6bbb45391eb3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

71f15c90e785d1de4bcd65a279e7256684c25c0d

Fixed

3523a3df03c6f04f7ea9c2e7050102657e331a4f

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.50

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "fs/smb/client/smb2inode.c"
            },
            "id": "CVE-2024-46736-2fd7c988",
            "digest": {
                "line_hashes": [
                    "59959263901043943032483012646118975080",
                    "60217504789355222292449695417983202681",
                    "155979800336332714602479200443534235933",
                    "177755084342724528319259476915398334733"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b27ea9c96efd2c252a981fb00d0f001b86c90f3e"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "fs/smb/client/smb2inode.c",
                "function": "smb2_rename_path"
            },
            "id": "CVE-2024-46736-39aeefc4",
            "digest": {
                "length": 621.0,
                "function_hash": "320016356159028382855003118332819059593"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b27ea9c96efd2c252a981fb00d0f001b86c90f3e"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "fs/smb/client/smb2inode.c",
                "function": "smb2_rename_path"
            },
            "id": "CVE-2024-46736-6142cac4",
            "digest": {
                "length": 621.0,
                "function_hash": "320016356159028382855003118332819059593"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3523a3df03c6f04f7ea9c2e7050102657e331a4f"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "fs/smb/client/smb2inode.c",
                "function": "smb2_rename_path"
            },
            "id": "CVE-2024-46736-99214fc5",
            "digest": {
                "length": 621.0,
                "function_hash": "320016356159028382855003118332819059593"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a46c7f6546b73cbf36f5a618a1a6bbb45391eb3"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "fs/smb/client/smb2inode.c"
            },
            "id": "CVE-2024-46736-aca4fd8d",
            "digest": {
                "line_hashes": [
                    "59959263901043943032483012646118975080",
                    "60217504789355222292449695417983202681",
                    "155979800336332714602479200443534235933",
                    "177755084342724528319259476915398334733"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3523a3df03c6f04f7ea9c2e7050102657e331a4f"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "fs/smb/client/smb2inode.c"
            },
            "id": "CVE-2024-46736-ea32732e",
            "digest": {
                "line_hashes": [
                    "59959263901043943032483012646118975080",
                    "60217504789355222292449695417983202681",
                    "155979800336332714602479200443534235933",
                    "177755084342724528319259476915398334733"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a46c7f6546b73cbf36f5a618a1a6bbb45391eb3"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.51

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.10.10