{"id":"CVE-2024-50152","summary":"smb: client: fix possible double free in smb2_set_ea()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning：\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 |         kfree(ea);\n      |         ^~~~~~~~~\n\nThere is a double free in such case:\n'ea is initialized to NULL' -\u003e 'first successful memory allocation for\nea' -\u003e 'something failed, goto sea_exit' -\u003e 'first memory release for ea'\n-\u003e 'goto replay_again' -\u003e 'second goto sea_exit before allocate memory\nfor ea' -\u003e 'second memory release for ea resulted in double free'.\n\nRe-initialie 'ea' to NULL near to the replay_again label, it can fix this\ndouble free problem.","modified":"2026-05-18T05:57:18.634414884Z","published":"2024-11-07T09:31:28.733Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50152.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/19ebc1e6cab334a8193398d4152deb76019b5d34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b1813c220b76f60b1727984794377c4aa849d4c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c9f758ecf2562dfdd4adf12c22921b5de8366123"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50152.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50152"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"433042a91f9373241307725b52de573933ffedbf"},{"fixed":"b1813c220b76f60b1727984794377c4aa849d4c1"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4f1fffa2376922f3d1d506e49c0fd445b023a28e"},{"fixed":"c9f758ecf2562dfdd4adf12c22921b5de8366123"},{"fixed":"19ebc1e6cab334a8193398d4152deb76019b5d34"}]}],"versions":["v6.6.58","v6.6.57","v6.6.56","v6.6.55","v6.6.54","v6.6.53","v6.6.52","v6.6.51","v6.6.50","v6.6.49","v6.6.48","v6.6.47","v6.6.46","v6.6.45","v6.6.44","v6.6.43","v6.6.42","v6.6.41","v6.6.40","v6.6.39","v6.6.38","v6.6.37","v6.6.36","v6.6.35","v6.6.34","v6.6.33","v6.6.32"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50152.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.59"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.11.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50152.json"}}],"schema_version":"1.7.5"}