Vulnerability Details CVE-2024-50241
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Initialize struct nfsd4_copy earlier
Ensure the refcount and async_copies fields are initialized early.
cleanup_async_copy() will reference these fields if an error occurs
in nfsd4_copy(). If they are not correctly initialized, at the very
least, a refcount underflow occurs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.3%
CVSS Severity
CVSS v3 Score 5.5
References
- https://git.kernel.org/stable/c/059434d23c4578d9d02efb92d848ea21bc640112
- https://git.kernel.org/stable/c/421f1a2a1afb47d88de09457ef7687e1df7bc997
- https://git.kernel.org/stable/c/63fab04cbd0f96191b6e5beedc3b643b01c15889
- https://git.kernel.org/stable/c/7267625baf365a969f1b25ded6f07b64bc90ec5b
- https://git.kernel.org/stable/c/c3074003fa6837c2b89a34d8d12d9463b59d22d6
- https://git.kernel.org/stable/c/e30a9a2f69c34a00a3cb4fd45c5d231929e66fb1
Products affected by CVE-2024-50241
-
cpe:2.3:o:linux:linux_kernel:6.10.14
-
cpe:2.3:o:linux:linux_kernel:6.11
-
cpe:2.3:o:linux:linux_kernel:6.11.1
-
cpe:2.3:o:linux:linux_kernel:6.11.2
-
cpe:2.3:o:linux:linux_kernel:6.11.3
-
cpe:2.3:o:linux:linux_kernel:6.11.4
-
cpe:2.3:o:linux:linux_kernel:6.11.5
-
cpe:2.3:o:linux:linux_kernel:6.11.6
-
cpe:2.3:o:linux:linux_kernel:6.12