[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-50047":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2024-50047","In the Linux kernel, the following vulnerability has been resolved:  smb: client: fix UAF in async decryption  Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API.  Reproducer:     # mount.cifs -o ...,seal,esize=1 //srv/share /mnt     # dd if=/mnt/largefile of=/dev/null     ...     [  194.196391] ==================================================================     [  194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110     [  194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899     [  194.197707]     [  194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43     [  194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014     [  194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]     [  194.200032] Call Trace:     [  194.200191]  \u003CTASK>     [  194.200327]  dump_stack_lvl+0x4e/0x70     [  194.200558]  ? gf128mul_4k_lle+0xc1/0x110     [  194.200809]  print_report+0x174/0x505     [  194.201040]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10     [  194.201352]  ? srso_return_thunk+0x5/0x5f     [  194.201604]  ? __virt_addr_valid+0xdf/0x1c0     [  194.201868]  ? gf128mul_4k_lle+0xc1/0x110     [  194.202128]  kasan_report+0xc8/0x150     [  194.202361]  ? gf128mul_4k_lle+0xc1/0x110     [  194.202616]  gf128mul_4k_lle+0xc1/0x110     [  194.202863]  ghash_update+0x184/0x210     [  194.203103]  shash_ahash_update+0x184/0x2a0     [  194.203377]  ? __pfx_shash_ahash_update+0x10/0x10     [  194.203651]  ? srso_return_thunk+0x5/0x5f     [  194.203877]  ? crypto_gcm_init_common+0x1ba/0x340     [  194.204142]  gcm_hash_assoc_remain_continue+0x10a/0x140     [  194.204434]  crypt_message+0xec1/0x10a0 [cifs]     [  194.206489]  ? __pfx_crypt_message+0x10/0x10 [cifs]     [  194.208507]  ? srso_return_thunk+0x5/0x5f     [  194.209205]  ? srso_return_thunk+0x5/0x5f     [  194.209925]  ? srso_return_thunk+0x5/0x5f     [  194.210443]  ? srso_return_thunk+0x5/0x5f     [  194.211037]  decrypt_raw_data+0x15f/0x250 [cifs]     [  194.212906]  ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]     [  194.214670]  ? srso_return_thunk+0x5/0x5f     [  194.215193]  smb2_decrypt_offload+0x12a/0x6c0 [cifs]  This is because TFM is being used in parallel.  Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()).  Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation.",null,[],[],[],[14],{"_key":15},"CVE-2024-50047",[17,19,21],{"_key":18},"DLA-4076-1",{"_key":20},"DLA-4178-1",{"_key":22},"DSA-5860-1",[],[],"2024-10-21T20:15:17.507Z","2026-04-28T20:28:49.549555Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2024-50047",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[46,65],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_237_1",true,"ecosystem","5.10.237-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_128_1","6.1.128-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_11_4_1","6.11.4-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},{"ecosystem":47,"name":66,"vendor":49,"product":66,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":66,"source":9,"versions":67},"linux-6.1",[68],{"version":69,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":57,"fixed_in":9},"lt6_1_128_1~deb11u1","6.1.128-1~deb11u1"]