CVE-2024-57925
Published: 19 January 2025
Summary
CVE-2024-57925 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in ksmbd, the Linux kernel's in-kernel SMB server. Its CVSS base score is 7.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 15.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): mandates timely remediation by applying the upstream and stable kernel patches that add the missing return-value check in ksmbd's smb2_send_interim_resp(); this removes the flaw rather than working around it.
- SI-11 (Error Handling): addresses the root cause by requiring code to handle allocation failures and other error conditions gracefully, returning early instead of continuing with an invalid pointer.
- Kernel memory protections (the low address range that vm.mmap_min_addr keeps unmapped, plus the kernel's own page-fault handling) confine the write through the NULL pointer to a kernel oops rather than silent memory corruption; they limit the blast radius but do not fix the bug.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw is a kernel-mode write through a NULL pointer in ksmbd that the CVSS vector scores as reachable by a low-privileged local actor, which maps to Exploitation for Privilege Escalation (T1068). In practice the write lands at a fixed low address (the offset of response_buf from address zero) that is unmapped by default, so the realistic outcome is a kernel oops and loss of service rather than control over kernel memory.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access.
Deeper analysis
CVE-2024-57925 is a NULL pointer dereference (CWE-476) in ksmbd, the Linux kernel's in-kernel SMB server. In smb2_send_interim_resp(), the pointer returned by ksmbd_alloc_work_struct() is assigned to in_work and passed on without a NULL check. When that allocation fails, in_work is NULL, and allocate_interim_rsp_buf(in_work) stores the result of its own kzalloc() into in_work->response_buf: a write through the NULL pointer at that field's offset. The kzalloc() call itself is not the fault; the store of its return value into the NULL work structure is. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
The vulnerable path runs when ksmbd must send an SMB2 interim (STATUS_PENDING) response for a request it is handling asynchronously, and only when the work-structure allocation fails. A requester cannot force that failure directly; it requires memory pressure on the server, for example a low-memory condition. ksmbd is a network-facing service, so the request that reaches this code normally comes from an SMB client, although the NVD vector scores the attack as local with low privileges. Because the write goes to a fixed low address that is unmapped by default (vm.mmap_min_addr keeps user space from mapping it), the realistic result is a kernel oops in the ksmbd worker, that is, denial of service; the vector rates integrity and availability impact as high and confidentiality as unaffected.
Mitigation requires applying the relevant upstream kernel patches, as detailed in the stable kernel commit references: 271ae0edbfc942795c162e6cf20d2bc02bd7fde4, 2976e91a3e569cf2c92c9f71512c0ab1312fe965, 4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c, 781c743e18bfd9b7dc0383f036ae952bd1486f21, and ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce. The fix is a single early return: smb2_send_interim_resp() now checks the pointer returned by ksmbd_alloc_work_struct() and exits on NULL before any field is touched. To assess exposure, first check whether the ksmbd module is built and loaded (for example with lsmod | grep ksmbd); hosts that do not run ksmbd are not affected. To confirm a patched kernel from source, check that smb2_send_interim_resp() returns immediately when ksmbd_alloc_work_struct() yields NULL.
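As an added example (not ksmbd's code), the following user-space C model reproduces the control flow described above: a work-structure allocator that can be forced to fail, an allocate_interim_rsp_buf() whose first action is a store through its argument, and the vulnerable and fixed shapes of smb2_send_interim_resp() side by side. The struct layout, buffer size, allocator and the SIGSEGV/sigsetjmp harness are assumptions made so the bug can be observed outside the kernel. Running the vulnerable shape under forced allocation failure faults at the offset of response_buf from address zero, which is exactly where the kernel write would land; the fixed shape returns -ENOMEM instead.

```c
/* Added example (not ksmbd code): a user-space model of CVE-2024-57925. The
 * struct layout, buffer size, allocator and SIGSEGV harness are assumptions;
 * the control flow mirrors the bug described above. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_CIFS_SMALL_BUFFER_SIZE 448  /* assumed value */

struct ksmbd_work {                     /* assumed, minimal model of the real struct */
    void *response_buf;
};

/* Fault injection: -1 = never fail, n = fail the (n+1)th allocation. */
static int allocs_before_failure = -1;

__attribute__((noinline)) static void *model_kzalloc(size_t n)
{
    if (allocs_before_failure == 0)
        return NULL;                    /* kzalloc() failing under memory pressure */
    if (allocs_before_failure > 0)
        allocs_before_failure--;
    return calloc(1, n);
}

/* noinline keeps the compiler from seeing the NULL and replacing the store
 * below with a trap instruction instead of a real page fault. */
__attribute__((noinline)) static struct ksmbd_work *ksmbd_alloc_work_struct(void)
{
    return model_kzalloc(sizeof(struct ksmbd_work));
}

/* The store to work->response_buf is the dereference: it happens before
 * kzalloc()'s own result is checked, so a NULL work faults right here. */
static int allocate_interim_rsp_buf(struct ksmbd_work *work)
{
    work->response_buf = model_kzalloc(MAX_CIFS_SMALL_BUFFER_SIZE);
    if (!work->response_buf)
        return -ENOMEM;
    return 0;
}

/* Vulnerable shape: in_work is handed on without a NULL check. */
static int send_interim_resp_vuln(void)
{
    struct ksmbd_work *in_work = ksmbd_alloc_work_struct();
    if (allocate_interim_rsp_buf(in_work)) {
        free(in_work);
        return -ENOMEM;
    }
    free(in_work->response_buf);        /* the real code fills and sends it */
    free(in_work);
    return 0;
}

/* Fixed shape: return as soon as the work-struct allocation fails. */
static int send_interim_resp_fixed(void)
{
    struct ksmbd_work *in_work = ksmbd_alloc_work_struct();
    if (!in_work)
        return -ENOMEM;
    if (allocate_interim_rsp_buf(in_work)) {
        free(in_work);
        return -ENOMEM;
    }
    free(in_work->response_buf);
    free(in_work);
    return 0;
}

/* Harness: force the work-struct allocation to fail, run fn, and catch the
 * fault. Returns 1 and the faulting address if fn crashed, else 0 and fn's rc. */
static sigjmp_buf fault_jump;
static volatile uintptr_t fault_addr;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)si->si_addr;
    siglongjmp(fault_jump, 1);
}

static int run_under_oom(int (*fn)(void), int *rc, uintptr_t *addr)
{
    struct sigaction sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO }, old;
    volatile int faulted = 0;
    sigaction(SIGSEGV, &sa, &old);
    allocs_before_failure = 0;
    if (sigsetjmp(fault_jump, 1) == 0)
        *rc = fn();
    else
        faulted = 1, *addr = fault_addr;
    allocs_before_failure = -1;
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}
```

The faulting address equals offsetof(struct ksmbd_work, response_buf), which is why the real bug is a crash rather than an arbitrary write: the destination is fixed by the struct layout and sits in the page at address zero that nothing maps by default. The harness also shows that a failure of the second allocation (the response buffer) is handled correctly by both shapes; only the first allocation was unchecked.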
Details
- CWE(s)