CVE-2024-50241

In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early. cleanup_async_copy() will reference these fields if an error occurs in nfsd4_copy(). If they are not correctly initialized, at the very least, a refcount underflow occurs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

History

14 Nov 2024, 16:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/63fab04cbd0f96191b6e5beedc3b643b01c15889 - () https://git.kernel.org/stable/c/63fab04cbd0f96191b6e5beedc3b643b01c15889 - Mailing List, Patch
References () https://git.kernel.org/stable/c/e30a9a2f69c34a00a3cb4fd45c5d231929e66fb1 - () https://git.kernel.org/stable/c/e30a9a2f69c34a00a3cb4fd45c5d231929e66fb1 - Mailing List, Patch
CWE CWE-908
First Time Linux
Linux linux Kernel

12 Nov 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSD: inicializar struct nfsd4_copy antes Asegúrese de que los campos refcount y async_copies se inicialicen antes. cleanup_async_copy() hará referencia a estos campos si se produce un error en nfsd4_copy(). Si no se inicializan correctamente, como mínimo, se produce un desbordamiento de refcount.

09 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-09 11:15

Updated : 2024-11-14 16:45


NVD link : CVE-2024-50241

Mitre link : CVE-2024-50241

CVE.ORG link : CVE-2024-50241


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-908

Use of Uninitialized Resource