CVE-2024-58087
Published: 12 March 2025
Summary
CVE-2024-58087 is a high-severity Improper Locking (CWE-667) vulnerability in the Linux kernel. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 23.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of the specific race condition flaw in ksmbd by applying the published kernel patches that increment the session reference count within the lock during lookup.
Vulnerability monitoring and scanning identifies the presence of CVE-2024-58087 in Linux kernel versions by matching against CVE databases and kernel builds.
Provides awareness of CVE-2024-58087 through security alerts and advisories from kernel maintainers and vendors, enabling prioritization for remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The race condition vulnerability in the ksmbd SMB daemon directly enables remote exploitation of the service over the network, mapping to Exploitation of Remote Services.
NVD Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix racy issue from session lookup and expire
Increment the session reference count within the lock for lookup to avoid racy issue with session expire.
Deeper analysis
CVE-2024-58087 is a race condition vulnerability in the ksmbd (Kernel SMB Daemon) component of the Linux kernel. The flaw stems from a racy issue between session lookup and session expiration, where the session reference count is not incremented within the lock during lookup, potentially leading to improper handling of SMB sessions. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-667 (Improper Locking). The vulnerability was published on 2025-03-12.
A remote network-based attacker requires no privileges or user interaction but must overcome high attack complexity to exploit it. Successful exploitation could result in high confidentiality, integrity, and availability impacts, potentially allowing unauthorized access to or disruption of SMB sessions managed by ksmbd.
Mitigation involves applying kernel patches that increment the session reference count within the lock during lookup to prevent the race. Relevant stable kernel commits include: https://git.kernel.org/stable/c/2107ab40629aeabbec369cf34b8cf0f288c3eb1b, https://git.kernel.org/stable/c/37a0e2b362b3150317fb6e2139de67b1e29ae5ff, https://git.kernel.org/stable/c/450a844c045ff0895d41b05a1cbe8febd1acfcfd, https://git.kernel.org/stable/c/a39e31e22a535d47b14656a7d6a893c7f6cf758c, and https://git.kernel.org/stable/c/b95629435b84b9ecc0c765995204a4d8a913ed52.
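The lookup/expire ordering described above, as an added userspace model (not ksmbd source and not taken from the linked commits). `struct session`, the 8-slot table and every function name are hypothetical, and a pthread mutex stands in for the kernel lock.

```c
/* Userspace model of a session table with lookup and expire (hypothetical names). */
#include <pthread.h>
#include <stdlib.h>

struct session { unsigned long id; int refcnt; };
static struct session *table[8];          /* indexed by session id, ids 0..7 */
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
static int freed_count;                   /* number of sessions released so far */
struct session *session_create(unsigned long id) {
    struct session *s = (id < 8) ? calloc(1, sizeof(*s)) : NULL;
    if (!s) return NULL;
    s->id = id; s->refcnt = 1;            /* this reference is owned by the table */
    pthread_mutex_lock(&table_lock);
    table[id] = s;
    pthread_mutex_unlock(&table_lock);
    return s;
}
/* Drop one reference; whoever drops the last one frees the object. */
void session_put(struct session *s) {
    pthread_mutex_lock(&table_lock);
    int last = (--s->refcnt == 0);
    freed_count += last;
    pthread_mutex_unlock(&table_lock);
    if (last) free(s);
}
/* Racy pattern: the pointer leaves the lock with no reference held, so an
 * expire that runs before the caller takes one can free the session. */
struct session *lookup_no_ref(unsigned long id) {
    pthread_mutex_lock(&table_lock);
    struct session *s = (id < 8) ? table[id] : NULL;
    pthread_mutex_unlock(&table_lock);
    return s;
}
/* Fixed pattern: take the reference while the lock is still held. */
struct session *lookup_get(unsigned long id) {
    pthread_mutex_lock(&table_lock);
    struct session *s = (id < 8) ? table[id] : NULL;
    if (s) s->refcnt++;
    pthread_mutex_unlock(&table_lock);
    return s;
}
/* Expire: unlink the session from the table, then drop the table's reference. */
void session_expire(unsigned long id) {
    pthread_mutex_lock(&table_lock);
    struct session *s = (id < 8) ? table[id] : NULL;
    if (s) table[id] = NULL;
    pthread_mutex_unlock(&table_lock);
    if (s) session_put(s);
}
```

With `lookup_get`, an expire that lands between lookup and use only unlinks the session; the memory is released when the caller's own `session_put` runs.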
Details
- CWE(s)