CVE-2024-53185: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53185 is a NULL pointer dereference vulnerability in the Linux kernel's SMB client implementation, specifically in the crypto_aead_setkey() function. The vulnerability was discovered on December 27, 2024, affecting Linux kernel versions from 6.6.57 to 6.6.64, 6.11.4 to 6.11.11, and 6.12.0 to 6.12.2 (NVD).

The vulnerability occurs when SMB3.02 client attempts to handle encryption negotiation. Neither SMB3.0 nor SMB3.02 supports encryption negotiate context, but when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. A previous fix (commit b0abcd65ec54) added a server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but this check would always be false as server->cipher_type is unset for SMB3.02, leading to a NULL pointer dereference. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) according to NIST, and 7.8 (HIGH) according to CISA-ADP (NVD).

When exploited, this vulnerability can cause a system crash due to NULL pointer dereference in the crypto_aead_setkey function when attempting to mount an SMB share with specific encryption settings. This primarily affects systems using the CIFS/SMB client functionality in the Linux kernel (Kernel Patch).

The vulnerability has been patched in the Linux kernel by setting server->cipher_type for SMB3.02 when the SMB2_GLOBAL_CAP_ENCRYPTION flag is set. Users should update to the latest kernel version that includes the fix (Kernel Patch).