CVE-2024-58087: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58087 is a vulnerability in the Linux kernel's ksmbd component, discovered in December 2024. The vulnerability affects the session lookup and expire functionality in the ksmbd implementation. It impacts multiple versions of the Linux kernel, including versions from 5.16 to 6.13-rc2 (NVD).

The vulnerability stems from a race condition in the ksmbd session management code, specifically related to improper locking when performing operations on session objects. The issue involves the lack of proper session reference count increment within the lock for lookup, which can lead to race conditions with session expiration. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 HIGH (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified as CWE-667 (Improper Locking) (NVD).

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel with ksmbd enabled. An attacker can leverage this vulnerability to execute code in the context of the kernel, potentially leading to complete system compromise. Authentication is not required to exploit this vulnerability, though systems must have ksmbd enabled to be vulnerable (ZDI Advisory).

The vulnerability has been patched in the Linux kernel. The fix involves incrementing the session reference count within the lock for lookup to avoid race conditions with session expiration. Multiple patches have been released across different kernel versions to address this issue (Kernel Patch).

The vulnerability was discovered by Hexrabbit (@h3xr4bb1t) of DEVCORE Research Team and was coordinated through the Zero Day Initiative. The disclosure process followed standard responsible disclosure practices, with the vendor being notified before public disclosure (ZDI Advisory).