CVE-2024-50121
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 416
Summary
CVE-2024-50121: A vulnerability was identified in the Linux kernel's NFS (Network File System) subsystem, specifically in the nfsd (NFS daemon) component. When shutting down the NFS service, if the `nfsd_shrinker_work` is not canceled properly, it can lead to objects remaining in the `nfsd_file` cache. This issue results in use-after-free errors and warnings, potentially causing instability in the system. To mitigate this issue, the recommended action is to modify the `nfs4_state_shutdown_net` function to cancel `nfsd_shrinker_work` using synchronous mode.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share