In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of leasectxinfo in smb2_open()
null-ptr-deref will occur when (reqoplevel == SMB2OPLOCKLEVELLEASE) and parselease_state() return NULL.
Fix this by check if 'leasectxinfo' is NULL.
Additionally, remove the redundant parentheses in parsedurablehandle_context().
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "file": "fs/smb/server/smb2pdu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec28c35029b7930f31117f9284874b63bea4f31b", "deprecated": false, "digest": { "line_hashes": [ "4241616818477471815142371603820428339", "325917023934151390881743136694361706288", "160085414498030925796739303822666070233", "5496769890710351360192689078456168506" ], "threshold": 0.9 }, "id": "CVE-2024-46742-130ba1b4" }, { "signature_version": "v1", "target": { "file": "fs/ksmbd/smb2pdu.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@878f32878351104448b86ef5b85d1f8ed6f599fb", "deprecated": false, "digest": { "line_hashes": [ "4241616818477471815142371603820428339", "325917023934151390881743136694361706288", "160085414498030925796739303822666070233", "5496769890710351360192689078456168506" ], "threshold": 0.9 }, "id": "CVE-2024-46742-3d15a974" }, { "signature_version": "v1", "target": { "function": "smb2_open", "file": "fs/smb/server/smb2pdu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec28c35029b7930f31117f9284874b63bea4f31b", "deprecated": false, "digest": { "length": 18474.0, "function_hash": "337665499700366138029799385913548599488" }, "id": "CVE-2024-46742-e9a77e4f" }, { "signature_version": "v1", "target": { "function": "smb2_open", "file": "fs/ksmbd/smb2pdu.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@878f32878351104448b86ef5b85d1f8ed6f599fb", "deprecated": false, "digest": { "length": 18344.0, "function_hash": "160865761837186565335055412388843004508" }, "id": "CVE-2024-46742-f383bba7" } ] }