CVE-2024-46697

EPSS 0.02%
Veröffentlicht 13.09.2024 06:15:14
Zuletzt bearbeitet 19.09.2024 17:53:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nfsd: ensure that nfsd4_fattr_args.context is zeroed out

If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to
checking for the security label, then args.context will be set to
uninitialized junk on the stack, which we'll then try to free.
Initialize it early.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.8

Linux ≫ Linux Kernel Version6.11 Updaterc1

Linux ≫ Linux Kernel Version6.11 Updaterc2

Linux ≫ Linux Kernel Version6.11 Updaterc3

Linux ≫ Linux Kernel Version6.11 Updaterc4

Linux ≫ Linux Kernel Version6.11 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0

Patch

https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-46697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-46697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-46697

EUVD