What is CVE-2024-58087?

A high-severity vulnerability has been identified in the Linux kernel, specifically related to session management in ksmbd. Organizations using affected versions should prioritize patching to mitigate potential risks.

What is the severity of CVE-2024-58087?

CVE-2024-58087 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2024-58087 | Linux

In the Linux kernel, a high-severity vulnerability has been identified, which allows potential attackers to exploit session management issues in ksmbd. The vulnerability stems from a race condition in session lookup and expiration logic. Specifically, the session reference count must be incremented within the lock during lookup to prevent session expiration conflicts. With a CVSS score of 8.1, this vulnerability is classified as high severity, necessitating immediate attention from organizations reliant on the Linux kernel.

Risk to organizations includes unauthorized access and denial of service due to potential session management failures. As this vulnerability affects network components of the Linux kernel, the risk extends to any system utilizing ksmbd. Organizations should prioritize patching immediately to safeguard their infrastructures against possible exploitation.

As of the current reports, there are no known exploits or public proof of concepts available for this vulnerability. However, the high exploitation potential indicates that attackers may leverage this weakness to gain unauthorized access or disrupt services if not addressed promptly.

Given the severity and potential impact of this vulnerability, organizations should address it in their priority patch cycle. Regular updates and vulnerability management practices are vital for maintaining a secure operating environment.

Vulnerability Details

The vulnerability, identified as CVE-2024-58087, pertains to the Linux kernel's ksmbd component, which handles SMB protocol services. The vulnerability has been categorized under CWE-667, indicating an issue related to improper synchronization. The high CVSS score of 8.1 reflects the seriousness of potential impacts, as successful exploitation could lead to significant confidentiality, integrity, and availability issues.

The vulnerability was published on March 12, 2025. Organizations using the Linux kernel, particularly versions prior to the latest patches, should assess their systems for this vulnerability.

Technical Analysis

Root cause analysis reveals that the vulnerability arises from the ksmbd implementation, where the session reference count is not adequately managed during session lookup processes. This oversight creates a race condition that can lead to session expiration issues.

The attack vector is classified as network-based, meaning that an attacker could exploit this vulnerability remotely. The attack complexity is rated as high, requiring specific conditions to be met for successful exploitation. Importantly, no user interaction is required, allowing attackers to target systems without needing physical access.

The vulnerability has the potential to impact confidentiality, integrity, and availability significantly, as unauthorized access could lead to data breaches or service disruptions.

Risk & Impact Analysis

The deployment risk associated with this vulnerability is substantial for organizations using the affected versions of the Linux kernel. The potential for unauthorized access and denial of service presents a critical threat landscape. This vulnerability's blast radius could extend significantly, affecting not only individual systems but also networked environments relying on ksmbd.

With the CVSS score of 8.1 indicating high severity, organizations must act swiftly to mitigate risks. The urgency to patch stems from the potential exploitation that could lead to severe repercussions, including data loss and system downtime.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Linux kernel. Specifically, versions prior to the vendor patch are at risk. This includes versions starting from 5.15 and not exceeding 5.15.176, as well as 5.16 up to 6.1.121, and 6.2 up to 6.6.67. Additionally, versions 6.7 up to 6.12.6 and the release candidates 6.13:rc1 and 6.13:rc2 are also affected.

Mitigation & Remediation

Organizations should prioritize applying the available patches to mitigate the risks associated with this vulnerability. For those unable to apply the patch immediately, it is essential to enhance security controls, including network segmentation and monitoring suspicious activities around ksmbd services.

It is advisable to consult the latest patch notes and security advisories from Linux for detailed instructions on remediation. For further guidance on security best practices, organizations can refer to the penetration testing methodologies that can help identify additional vulnerabilities in the environment.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-58087: High Vulnerability in Linux Linux Kernel