PT-2024-33887 · Linux+8 · Linux Kernel+8
Yanjun Zhang
·
Published
2024-10-21
·
Updated
2025-10-03
·
CVE-2024-50046
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A NULL-pointer dereference issue was found in the Linux kernel's NFSv4 implementation, specifically in the
nfs42 complete copies() function. This issue can occur when files are copied from one location to another on the same NFS server, resulting in a kernel crash. The error is indicated by a syslog message showing a state recovery failure for an open file, followed by a memory abort and an internal error.Recommendations:
To resolve this issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the
nfs42 complete copies() function until a patch is available. However, this may have unintended consequences and should be approached with caution.Exploit
Fix
NULL Pointer Dereference
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu