PT-2024-3364 · Linux+10 · Linux Kernel+10
Josef Bacik
·
Published
2024-03-09
·
Updated
2025-09-29
·
CVE-2024-26958
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a use-after-free vulnerability in the direct writes functionality of the Network File System (NFS) in the Linux kernel. This occurs when the
nfs direct request is completed twice in a row, leading to a refcount t underflow and a use-after-free warning. The source of this issue is the completion path for commit requests, where asynchronous requests may complete before the next one is submitted, resulting in the nfs direct request being completed twice. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.Technical details about exploitation include:
- The vulnerable function is
nfs direct write schedule work(). - The issue arises from the repeated completion of
nfs direct request. - The
nfs commit end()function is involved in the completion path for commit requests. - The
get dreq()andput dreq()calls are used around event processing and completion paths.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu