PT-2024-32744 · Linux+8 · Linux Kernel+8

Li Lingfeng

Published

2024-09-03

Updated

2025-09-29

CVE-2024-47692

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description A vulnerability in the Linux kernel has been resolved, specifically in the nfsd component. When a corrupted main.sqlite file is present in /var/lib/nfs/nfsdcld/, it may result in a null pointer dereference in the nfs4 client to reclaim() function. This occurs because memdup user() returns ZERO SIZE PTR when namelen is 0. The issue can be triggered when accessing the name.data assigned the value of ZERO SIZE PTR.

Technical details about exploitation include:

The nfs4 client to reclaim() function is vulnerable to null pointer dereference.
The memdup user() function returns ZERO SIZE PTR when namelen is 0.
The issue is triggered when accessing name.data assigned the value of ZERO SIZE PTR.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider checking namelen to prevent null pointer dereference in the nfs4 client to reclaim() function.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-14046

ALT-PU-2024-14268

ALT-PU-2024-14270

ALT-PU-2024-14503

ALT-PU-2024-15739

ALT-PU-2024-16172

AZL-50827

AZL-50939

BDU:2025-03285

CVE-2024-47692

DLA-4008-1

DLA-4075-1

INFSA-2025_6966

MGASA-2024-0344

MGASA-2024-0345

OESA-2024-2321

OESA-2024-2322

OESA-2024-2325

OESA-2024-2371

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2024_3983-1

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3985-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2025:14705-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2024:3983-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-7166-1

USN-7166-2

USN-7166-3

USN-7166-4

USN-7186-1

USN-7186-2

USN-7194-1

USN-7276-1

USN-7277-1

USN-7293-1

USN-7294-1

USN-7294-2

USN-7294-3

USN-7294-4

USN-7295-1

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7393-1

USN-7401-1

USN-7403-1

USN-7413-1

USN-7468-1

USN-7539-1

USN-7540-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-32744 · Linux+8 · Linux Kernel+8

CVE-2024-47692

Weakness Enumeration

Related Identifiers

Affected Products

References · 3196