Amazon Linux AMI: CVE-2024-53179: Security patch for kernel (ALAS-2025-1966)

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 2024-12-27
Added: 2025-03-18
Modified: 2025-05-14

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free of signing key

Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race:

  task A                          task B
  cifs_mount()
   dfs_mount_share()
    get_session()
     cifs_mount_get_session()     cifs_send_recv()
      cifs_get_smb_ses()           compound_send_recv()
       cifs_setup_session()         smb2_setup_request()
        kfree_sensitive()            smb2_calc_signature()
                                      crypto_shash_setkey() *UAF*

Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING.
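
An added illustration, not code from the kernel or from this advisory: a userspace C model of the check the fix describes, replaying the interleaving from the diagram on a single thread. The struct layout, the pthread mutex standing in for @ses->ses_lock, the SES_IN_SETUP state set before the free, the 16-byte key size and the helper names setup_begin(), setup_done(), get_sign_key() and replay_race() are assumptions made for the model.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16                 /* constructed size for this model */
/* Userspace model: names follow the advisory, layout is assumed. */
enum ses_status { SES_NEW, SES_IN_SETUP, SES_GOOD, SES_EXITING };
struct session {
    pthread_mutex_t ses_lock;      /* stands in for @ses->ses_lock */
    enum ses_status ses_status;
    unsigned char *key;            /* stands in for auth_key.response */
};
/* Task A: setup frees the old key, then installs a new one. */
void setup_begin(struct session *s) {
    pthread_mutex_lock(&s->ses_lock);
    s->ses_status = SES_IN_SETUP;  /* assumed: state leaves GOOD first */
    free(s->key);                  /* kfree_sensitive() in the diagram */
    s->key = NULL;
    pthread_mutex_unlock(&s->ses_lock);
}
void setup_done(struct session *s, unsigned char fill) {
    unsigned char *k = malloc(KEY_LEN);
    if (!k) return;                /* session stays unusable for signing */
    memset(k, fill, KEY_LEN);
    pthread_mutex_lock(&s->ses_lock);
    s->key = k;
    s->ses_status = SES_GOOD;
    pthread_mutex_unlock(&s->ses_lock);
}
/* Task B: copy the key out under the lock, or refuse to sign. */
int get_sign_key(struct session *s, unsigned char out[KEY_LEN]) {
    pthread_mutex_lock(&s->ses_lock);
    int ok = s->ses_status == SES_GOOD || s->ses_status == SES_EXITING;
    if (ok)
        memcpy(out, s->key, KEY_LEN);
    pthread_mutex_unlock(&s->ses_lock);
    return ok;
}
/* Replays the diagram's interleaving on one thread; 1 means no stale read. */
int replay_race(void) {
    struct session s = { PTHREAD_MUTEX_INITIALIZER, SES_NEW, NULL };
    unsigned char out[KEY_LEN];
    setup_done(&s, 0xAA);                   /* first key installed */
    setup_begin(&s);                        /* task A: key freed */
    int during = get_sign_key(&s, out);     /* task B: must be refused */
    setup_done(&s, 0xBB);                   /* task A: new key */
    int after = get_sign_key(&s, out) && out[0] == 0xBB;
    free(s.key);
    return !during && after;
}
```

Copying the key out while the lock is held is what keeps the signer from dereferencing a pointer that task A may free a moment later.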

Solution

amazon-linux-upgrade-kernel