5.5

CVE-2024-50241

EPSS 0.05%
Veröffentlicht 09.11.2024 11:15:09
Zuletzt bearbeitet 14.12.2024 21:15:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Initialize struct nfsd4_copy earlier

Ensure the refcount and async_copies fields are initialized early.
cleanup_async_copy() will reference these fields if an error occurs
in nfsd4_copy(). If they are not correctly initialized, at the very
least, a refcount underflow occurs.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.10.14 < 6.11.7

Linux ≫ Linux Kernel Version6.12 Updaterc1

Linux ≫ Linux Kernel Version6.12 Updaterc2

Linux ≫ Linux Kernel Version6.12 Updaterc3

Linux ≫ Linux Kernel Version6.12 Updaterc4

Linux ≫ Linux Kernel Version6.12 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/059434d23c4578d9d02efb92d848ea21bc640112

https://git.kernel.org/stable/c/421f1a2a1afb47d88de09457ef7687e1df7bc997

https://git.kernel.org/stable/c/63fab04cbd0f96191b6e5beedc3b643b01c15889

Patch

Mailing List

https://git.kernel.org/stable/c/7267625baf365a969f1b25ded6f07b64bc90ec5b

https://git.kernel.org/stable/c/c3074003fa6837c2b89a34d8d12d9463b59d22d6

https://git.kernel.org/stable/c/e30a9a2f69c34a00a3cb4fd45c5d231929e66fb1

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-50241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50241

EUVD