CVE-2024-53173
HIGH
Published 2024-12-27T13:49:17.981Z
Actions:
CVSS Score
V3.1
7.8
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.000
probability
of exploitation in the wild
There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.051
Higher than 5.1% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
Yang Erkun reports that when two threads are opening files at the same
time, and are forced to abort before a reply is seen, then the call to
nfs_release_seqid() in nfs4_opendata_free() can result in a
use-after-free of the pointer to the defunct rpc task of the other
thread.
The fix is to ensure that if the RPC call is aborted before the call to
nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()
in nfs4_open_release() before the rpc_task is freed.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
24ac23ab88df5b21b5b2df8cde748bf99b289099
References
Published: 2024-12-27T13:49:17.981Z
Last Modified: 2025-05-04T09:54:53.469Z
Copied to clipboard!