PT-2024-35663 · Linux+8 · Linux Kernel+8
Published: 2024-11-18 · Updated: 2026-05-26
CVE-2024-53216
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0-rc3+
Description
A vulnerability in the Linux kernel has been resolved, specifically in the nfsd module. The issue arises when the last reference for cache_head is reduced to zero in c_show and e_show using rcu_read_lock and rcu_read_unlock. This leads to two problems:
1. svc_export_put directly frees ex_uuid, but e_show/c_show accesses ex_uuid after cache_put, potentially triggering a use-after-free issue.
2. svc_export_put/expkey_put calls path_put, which triggers a sleeping operation due to the following dput, while using rcu_read_lock/rcu_read_unlock does not allow sleeping.
Recommendations
To resolve the issue, use rcu_work to help release svc_expkey/svc_export. This approach allows for an asynchronous context to invoke path_put and also facilitates the freeing of uuid/exp/key after an RCU grace period.
As a temporary workaround, consider disabling the svc_export_show function until a patch is available.
Restrict access to the vulnerable nfsd module to minimize the risk of exploitation.
Exploit
Fix
DoS
Use After Free
Affected Products
Alt Linux
Almalinux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu