Use After Free Affecting kernel-tools-devel package, versions <0:4.14.355-275.603.amzn2


Severity

Recommended
0.0
high
0
10

Based on Amazon Linux security rating.

Threat Intelligence

EPSS
0.25% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-AMZN2-KERNELTOOLSDEVEL-9514599
  • published26 Mar 2025
  • disclosed27 Dec 2024

Introduced: 27 Dec 2024

CVE-2024-53179  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Amazon-Linux:2 kernel-tools-devel to version 0:4.14.355-275.603.amzn2 or higher.
This issue was patched in ALAS2-2025-2800.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel package and not the kernel-tools-devel package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free of signing key

Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race:

task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() UAF

Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING.

CVSS Base Scores

version 3.1