PT-2024-33816 · Linux+8 · Linux Kernel+8

Chuck Lever

·

Published

2024-10-21

·

Updated

2025-10-24

·

CVE-2024-49974

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the Linux kernel's NFSD, where there is no limit to the number of concurrent async COPY operations that clients can start. Each async COPY can copy an unlimited number of 4MB chunks, potentially running for a long time and becoming a Denial of Service (DoS) vector. A restriction mechanism has been implemented to bound the number of concurrent background COPY operations per namespace. If this limit is exceeded, an async COPY request receives NFS4ERR DELAY, and the client can choose to resend the request after a delay or use a traditional read/write style copy.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-52062
AZL-52116
BDU:2025-04512
CVE-2024-49974
DLA-4008-1
DLA-4075-1
DSA-5818-1
INFSA-2025_6966
OESA-2024-2321
OESA-2024-2322
OESA-2024-2324
OESA-2024-2325
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4140-1
OPENSUSE-SU-2025:14705-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3983-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4081-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4103-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4140-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:03636-1
SUSE-SU-2025:03663-1
SUSE-SU-2025:03671-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20884-1
SUSE-SU-2025:20886-1
SUSE-SU-2025:20890-1
SUSE-SU-2025:20891-1
SUSE-SU-2025:20909-1
SUSE-SU-2025:20920-1
SUSE-SU-2025:3675-1
SUSE-SU-2025:3704-1
SUSE-SU-2025:3721-1
SUSE-SU-2025:3734-1
SUSE-SU-2025:3742-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7403-1
USN-7407-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7461-1
USN-7461-2
USN-7461-3
USN-7462-1
USN-7462-2
USN-7463-1
USN-7468-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu