CVE-2024-50106

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 12, 2024
CWE ID 416

Summary

CVE-2024-50106: A race condition vulnerability in the Linux kernel's NFS daemon (nfsd) has been identified and resolved. The issue lies between the laundromat's handling of revoked delegations and free_stateid operations. When a delegation is marked for revocation, the laundromat thread removes it from the reaper list and frees the delegation stid structure. However, if a new open request arrives before the laundromat thread calls revoke_delegation(), nfsd_breaker_owns_lease() will attempt to dereference the freed delegation stateid, resulting in a use-after-free (reported as a KASAN warning). The patch introduces two new stid sc_status values to coordinate between the laundromat and other operations, ensuring that the stid is not removed before it is properly revoked and thereby preventing the use-after-free.

