5.5

CVE-2024-53146

NFSD: Prevent a potential integer overflow

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Prevent a potential integer overflow

If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an integer overflow. Address this by splitting the
decoding into several steps so that decode_cb_compound4res() does
not have to perform arithmetic on the unsafe length value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.325
LinuxLinux Kernel Version >= 4.20 < 5.4.287
LinuxLinux Kernel Version >= 5.5 < 5.10.231
LinuxLinux Kernel Version >= 5.11 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.64
LinuxLinux Kernel Version >= 6.7 < 6.11.11
LinuxLinux Kernel Version >= 6.12 < 6.12.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/084f797dbc7e52209a4ab6dbc7f0109268754eb9
Patch
https://git.kernel.org/stable/c/3c5f545c9a1f8a1869246f6f3ae8c17289d6a841
Patch
https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8
Patch
https://git.kernel.org/stable/c/7f33b92e5b18e904a481e6e208486da43e4dc841
Patch
https://git.kernel.org/stable/c/842f1c27a1aef5367e535f9e85c8c3b06352151a
Patch
https://git.kernel.org/stable/c/90adbae9dd158da8331d9fdd32077bd1af04f553
Patch
https://git.kernel.org/stable/c/ccd3394f9a7200d6b088553bf38e688620cd27af
Patch
https://git.kernel.org/stable/c/dde654cad08fdaac370febb161ec41eb58e9d2a2
Patch
https://git.kernel.org/stable/c/de53c5305184ca1333b87e695d329d1502d694ce
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html