CVE-2024-50241
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50241 is a newly identified vulnerability in the Linux kernel. This issue affects the NFS (Network File System) module, specifically the nfsd4_copy() function. The problem lies in the incorrect initialization order of the refcount and async_copies fields in this function. As a result, if an error occurs during the copy process, cleanup_async_copy() may reference uninitialized fields, leading to a refcount underflow. This vulnerability could potentially be exploited by attackers to cause denial-of-service conditions or gain unauthorized access to the system. It is crucial that Linux users apply the necessary patches or upgrades to address this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX