ksmbd:检查未完成的同时 SMB 操作(CVE-2024-50285)
CVE编号
CVE-2024-50285
利用情况
暂无
补丁情况
N/A
披露时间
2024-11-19
漏洞描述
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: check outstanding simultaneous SMB operations
If Client send simultaneous SMB operations to ksmbd, It exhausts too much
memory through the "ksmbd_work_cache”. It will cause OOM issue.
ksmbd has a credit mechanism but it can't handle this problem. This patch
add the check if it exceeds max credits to prevent this problem by assuming
that one smb request consumes at least one credit.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
文章评论