First published: Tue Dec 24 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <4.19.325 | |
Linux Kernel | >=4.20<5.4.287 | |
Linux Kernel | >=5.5<5.10.231 | |
Linux Kernel | >=5.11<5.15.174 | |
Linux Kernel | >=5.16<6.1.120 | |
Linux Kernel | >=6.2<6.6.64 | |
Linux Kernel | >=6.7<6.11.11 | |
Linux Kernel | >=6.12<6.12.2 | |
debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.19-1 6.12.20-1 |
debian/linux-6.1 | 6.1.128-1~deb11u1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-53146 has been assigned a severity rating based on the potential for integer overflow in the Linux kernel's NFSD.
To mitigate CVE-2024-53146, update the Linux kernel to a version that includes the patch for this vulnerability.
CVE-2024-53146 affects various versions of the Linux kernel, specifically those prior to 4.19.325 and certain versions between 4.20 and 6.12.
Exploitation of CVE-2024-53146 could potentially lead to system instability or unauthorized access due to an integer overflow.
As of now, there is no confirmed active exploit for CVE-2024-53146 reported in the wild.