CVE-2024-46686: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46686 is a vulnerability in the Linux kernel's SMB client implementation, discovered and disclosed in September 2024. The vulnerability specifically affects the smb2newreadreq() function when called from SMB2read() while using RDMA and reaching the rdmareadwritethreshold. This issue impacts various Linux kernel versions from 6.1.16 through 6.10.8 (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue in the Linux kernel's SMB client code. The problem occurs in the smb2newread_req() function where rdata could be NULL when using RDMA operations. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a NULL pointer dereference in the Linux kernel's SMB client implementation, potentially causing system crashes or denial of service conditions when specific RDMA operations are performed (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that adds a NULL check before accessing rdata in the smb2newread_req() function. The fix has been backported to various stable kernel versions. Users should update to patched kernel versions: 6.1.108 or later for the 6.1 series, 6.6.49 or later for the 6.6 series, and 6.10.8 or later for the 6.10 series (Kernel Patch).