{"id":"AZL-52926","summary":"CVE-2024-50152 affecting package kernel for versions less than 6.6.64.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning：\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 |         kfree(ea);\n      |         ^~~~~~~~~\n\nThere is a double free in such case:\n'ea is initialized to NULL' -\u003e 'first successful memory allocation for\nea' -\u003e 'something failed, goto sea_exit' -\u003e 'first memory release for ea'\n-\u003e 'goto replay_again' -\u003e 'second goto sea_exit before allocate memory\nfor ea' -\u003e 'second memory release for ea resulted in double free'.\n\nRe-initialie 'ea' to NULL near to the replay_again label, it can fix this\ndouble free problem.","modified":"2026-04-01T05:26:32.915908Z","published":"2024-11-07T10:15:06Z","upstream":["CVE-2024-50152"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50152"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.64.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}