CVE-2024-26592: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-26592 is a critical vulnerability in the Linux kernel's KSMBD file server component, discovered in early 2024. The vulnerability affects Linux kernel versions from 5.15.0 up to (excluding) 5.15.149, 5.16.0 to 6.1.75, 6.2.0 to 6.6.14, and 6.7.0 to 6.7.2. The issue stems from a race condition between the handling of new TCP connections and their disconnection in the KSMBD file server, which is responsible for file sharing with Windows machines (NVD, SecurityOnline).

The vulnerability is classified as a Use-After-Free (UAF) issue that occurs specifically in the ksmbd_tcp_new_connection() function. The race condition exists between the handling of a new TCP connection and its disconnection, leading to potential use of freed memory in the struct tcp_transport. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) from NVD and 9.0 (Critical) from ZDI, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, ZDI).

The vulnerability can potentially allow attackers to execute arbitrary code within the kernel context, effectively gaining complete control over the affected system. However, the impact is limited to systems that have KSMBD enabled. The high severity ratings reflect the potential for complete system compromise if successfully exploited (SecurityOnline).

The vulnerability has been patched in the Linux kernel, with fixes available through multiple kernel version updates. The fix involves modifying how the kernel handles TCP connection threads in the KSMBD module. System administrators are advised to update to the patched kernel versions: 5.15.149 or later, 6.1.75 or later, 6.6.14 or later, or 6.7.2 or later (NVD).