CVE-2024-42078

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: initialise nfsd_info.mutex early.

nfsd_info.mutex can be dereferenced by svc_pool_stats_start() immediately after the new netns is created. Currently this can trigger an oops.

Move the initialisation earlier before it can possibly be dereferenced.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7b207ccd983350a5dedd132b57c666186dd02a7c < 7e8b94045bc77ce4f085ddfb9eb04e5760e66169affected
LinuxLinux7b207ccd983350a5dedd132b57c666186dd02a7c < e0011bca603c101f2a3c007bdb77f7006fa78fb1affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References