CVE-2024-50285

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit.

Related Vulnerabilities

CVE-2017-0771

MEDIUM
CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

CWE-7702017

CVE-2017-12144

MEDIUM
CVSS:5.5(Medium)

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-7702017

CVE-2017-13716

MEDIUM
CVSS:5.5(Medium)

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application cra...

CWE-7702017

CVE-2017-14938

MEDIUM
CVSS:5.5(Medium)

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive me...

CWE-7702017

CVE-2017-2587

MEDIUM
CVSS:5.5(Medium)

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CWE-7702017

CVE-2017-9039

MEDIUM
CVSS:5.5(Medium)

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

CWE-7702017