CVE-2024-53217: NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | ||
| Linux Kernel | >=2.6.38<4.19.325 | |
| Linux Kernel | >=4.20<5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/d9a0d1f6e15859ea7a86a327f28491e23deaaa62
- https://git.kernel.org/stable/c/cac1405e3ff6685a438e910ad719e0cf06af90ee
- https://git.kernel.org/stable/c/752a75811f27300fe8131b0a1efc91960f6f88e7
- https://git.kernel.org/stable/c/c5d90f9302742985a5078e42ac38de42c364c44a
- https://git.kernel.org/stable/c/0c3b0e326f838787d229314d4de83af9c53347e8
- https://git.kernel.org/stable/c/eb51733ae5fc73d95bd857d5da26f9f65b202a79
- https://git.kernel.org/stable/c/03178cd8f67227015debb700123987fe96275cd1
- https://git.kernel.org/stable/c/4a4ffc1aa9d618e41ad9151f40966e402e58a5a2
- https://git.kernel.org/stable/c/1e02c641c3a43c88cecc08402000418e15578d38
Frequently Asked Questions
What is the severity of CVE-2024-53217?
The severity of CVE-2024-53217 is considered moderate due to the potential for a NULL dereference in the Linux kernel.
How do I fix CVE-2024-53217?
To fix CVE-2024-53217, update your Linux kernel to a patched version that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-53217?
CVE-2024-53217 affects Linux kernel versions between 2.6.38 and 6.12.2.
What components are impacted by CVE-2024-53217?
CVE-2024-53217 specifically impacts the NFSD and its handling of backchannel sessions.
Is there a workaround for CVE-2024-53217?
No official workaround is available for CVE-2024-53217; the recommended approach is to upgrade to the latest kernel version.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.38
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12