5.5

CVE-2024-42078

nfsd: initialise nfsd_info.mutex early.

In the Linux kernel, the following vulnerability has been resolved:

nfsd: initialise nfsd_info.mutex early.

nfsd_info.mutex can be dereferenced by svc_pool_stats_start()
immediately after the new netns is created.  Currently this can
trigger an oops.

Move the initialisation earlier before it can possibly be dereferenced.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.8
LinuxLinux Kernel Version >= 6.9 < 6.9.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://git.kernel.org/stable/c/7e8b94045bc77ce4f085ddfb9eb04e5760e66169
Patch
https://git.kernel.org/stable/c/e0011bca603c101f2a3c007bdb77f7006fa78fb1
Patch