CVE-2024-46696

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix potential UAF in nfsd4_cb_getattr_release

Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc5967721e1063648b0506481585ba7e2e49a075e < e0b66698a5ae41078f7490e8b3527013f5fccd6caffected
LinuxLinuxc5967721e1063648b0506481585ba7e2e49a075e < 1116e0e372eb16dd907ec571ce5d4af325c55c10affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.10.8 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References