CVE-2024-57895: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57895 affects the Linux kernel's ksmbd module. The vulnerability was discovered when David Disseldorp reported a warning from setattrcopymgtime, indicating that ksmbd was attempting to set the atime and mtime via notify_change without also setting the ctime. The issue affects Linux kernel versions from 5.15 up to (excluding) 6.6.70, and from 6.7 up to (excluding) 6.12.9, as well as versions 6.13-rc1 and 6.13-rc2 (NVD).

The vulnerability stems from improper handling of timestamp attributes in the ksmbd module. When setting file timestamps through the SMB protocol, the code was not properly setting the ATTRCTIME flag when modifying mtime, leading to a kernel warning. The issue manifests in the setfilebasicinfo function within the SMB2 protocol handling code. The CVSS v3.1 score for this vulnerability is 5.5 (MEDIUM) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability's impact is primarily related to system stability and logging consistency. While it does not pose direct security risks in terms of confidentiality or integrity, it can affect the availability of the system through kernel warnings and potential system instability (NVD).

The issue has been resolved through a patch that adds ATTRCTIME flags when setting mtime. The fix involves modifying the setfilebasicinfo function to properly handle timestamp attributes by adding ATTR_CTIME flags when setting mtime (Kernel Patch).