cve 2024 26928
About this tag
CVE-2024-26928 is a use-after-free (UAF) in the Linux kernel's CIFS/SMB client, in the debug path that exposes client state through /proc: cifs_debug_files_proc_show(), the show routine behind /proc/fs/cifs/open_files. The routine walks the global list of sessions and, for each one, its tree connections and open files. A session that is being torn down is marked SES_EXITING while it is still on that list, and its tree connections and open files are being freed at the same time, so a reader that walks it in that window dereferences freed memory. The result is a kernel crash (denial of service) or, in the worst case, memory corruption. The fix is a single check at the top of the per-session loop: sessions whose ses_status is SES_EXITING are skipped, so the reader never touches objects that teardown is in the middle of freeing. The bug is narrow in scope, since it requires the CIFS client to be in use and a read of the debug file to race a session teardown, but it matters for servers and enterprise hosts that mount SMB shares and depend on kernel stability.
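The following is an added userspace model of the pattern described above; it is not kernel code and not the project's patch. Only the names ses_status and SES_EXITING mirror the kernel; the struct layouts, the "freed" flag that stands in for memory returned to the allocator, the two-session scenario and the function names show_files_unpatched()/show_files_patched()/run_scenario() are constructed for illustration. The model puts the unpatched list walk next to the patched one and counts how many times the reader dereferences an object that teardown has already freed.

```c
#include <stdio.h>

/*
 * Userspace model of the CVE-2024-26928 pattern (added example, not kernel
 * code). Names mirror the kernel's: ses_status, SES_EXITING. Everything else
 * (struct layout, the "freed" flag standing in for memory returned to the
 * allocator, the scenario below) is constructed for illustration.
 */
enum ses_status { SES_GOOD, SES_NEED_RECON, SES_EXITING };

struct open_file {
    int fid;
    int freed;                 /* 1 once teardown has "kfree'd" this object */
    struct open_file *next;
};

struct session {
    enum ses_status ses_status;
    struct open_file *files;   /* per-session open file list */
    struct session *next;      /* next session on the global list */
};

/* Teardown as a concurrent reader sees it: the status flips to SES_EXITING
 * first, then the children are freed while the session is still listed. */
static void begin_teardown(struct session *ses)
{
    ses->ses_status = SES_EXITING;
    for (struct open_file *f = ses->files; f; f = f->next)
        f->freed = 1;
}

/* The per-session work of the /proc show routine: dereference every open file.
 * Returns how many of those dereferences hit an already-freed object. */
static int walk_session_files(const struct session *ses)
{
    int bad = 0;
    for (const struct open_file *f = ses->files; f; f = f->next) {
        if (f->freed)
            bad++;             /* in the kernel this is the UAF */
    }
    return bad;
}

/* Unpatched: every listed session is walked regardless of status. */
static int show_files_unpatched(const struct session *head)
{
    int bad = 0;
    for (const struct session *s = head; s; s = s->next)
        bad += walk_session_files(s);
    return bad;
}

/* Patched: the single added check skips sessions that are tearing down. */
static int show_files_patched(const struct session *head)
{
    int bad = 0;
    for (const struct session *s = head; s; s = s->next) {
        if (s->ses_status == SES_EXITING)
            continue;
        bad += walk_session_files(s);
    }
    return bad;
}

/* Constructed scenario: two sessions, the second caught mid-teardown.
 * Returns the number of freed-object dereferences the reader performs. */
int run_scenario(int patched)
{
    struct open_file f0 = { 0x10, 0, NULL }, f1 = { 0x11, 0, &f0 };
    struct open_file g0 = { 0x20, 0, NULL }, g1 = { 0x21, 0, &g0 };
    struct session ses_b = { SES_GOOD, &g1, NULL };
    struct session ses_a = { SES_GOOD, &f1, &ses_b };

    begin_teardown(&ses_b);    /* race window: SES_EXITING, children freed */
    return patched ? show_files_patched(&ses_a)
                   : show_files_unpatched(&ses_a);
}

int main(void)
{
    printf("unpatched reader: %d freed-object dereferences\n", run_scenario(0));
    printf("patched reader:   %d freed-object dereferences\n", run_scenario(1));
    return 0;
}
```

One caveat the model leaves out: a status check like this is only meaningful if the reader tests ses_status under the same lock that the teardown path holds when it sets SES_EXITING; in the kernel both the list walk and the check happen under the CIFS session list lock. Without that, the flag could flip between the check and the dereference and the window would merely shrink rather than close.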
A small, easily overlooked change in the Linux SMB client — a single check that skips sessions already tearing down — closed a deceptively dangerous use-after-free (UAF) bug in the CIFS/SMB debug path that could, in practice, let an attacker repeatedly deny availability or cause kernel...