CVE-2024-36958

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix nfsd4_encode_fattr4() crasher

Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux83ab8678ad0c6f27594c716cafe59c8bbd5e49ef < 6a7b07689af6e4e023404bf69b1230f43b2a15bcaffected
LinuxLinux83ab8678ad0c6f27594c716cafe59c8bbd5e49ef < 18180a4550d08be4eb0387fe83f02f703f92d4e7affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References