CVE-2024-53217

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < d9a0d1f6e15859ea7a86a327f28491e23deaaa62affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < cac1405e3ff6685a438e910ad719e0cf06af90eeaffected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < 752a75811f27300fe8131b0a1efc91960f6f88e7affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < c5d90f9302742985a5078e42ac38de42c364c44aaffected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < 0c3b0e326f838787d229314d4de83af9c53347e8affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < eb51733ae5fc73d95bd857d5da26f9f65b202a79affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < 03178cd8f67227015debb700123987fe96275cd1affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < 4a4ffc1aa9d618e41ad9151f40966e402e58a5a2affected
LinuxLinuxdcbeaa68dbbdacbbb330a86c7fc95a28473fc209 < 1e02c641c3a43c88cecc08402000418e15578d38affected
LinuxLinux2.6.38affected
LinuxLinux0 < 2.6.38unaffected
LinuxLinux4.19.325 <= 4.19.*unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References