CVE-2024-50241

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 9, 2024
Updated: Nov 14, 2024
CWE ID 908

Summary

CVE-2024-50241 is a newly identified vulnerability in the Linux kernel. It affects the NFS (Network File System) module, specifically the nfsd4_copy() function, which initializes the refcount and async_copies fields in the wrong order. As a result, if an error occurs during the copy process, cleanup_async_copy() may reference uninitialized fields, leading to a refcount underflow. This vulnerability could potentially be exploited by attackers to cause denial-of-service conditions or gain unauthorized access to the system. It is crucial that Linux users apply the necessary patches or upgrades to address this issue.
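
The initialization-order flaw described above, as an added example: a simplified user-space model in C, not the kernel's nfsd code. All struct and function names are hypothetical, and the zero-filled object is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; all names here are hypothetical. */
struct copy_state {
    int refcount;      /* 0 until initialised, >= 1 while the object is live */
    bool underflowed;  /* set when a put would take the count below zero */
};

/* Shared error-path cleanup: drops one reference and assumes the
 * count was already set up. Records an underflow instead of wrapping. */
static void cleanup_copy(struct copy_state *c)
{
    if (c->refcount <= 0)
        c->underflowed = true;
    else
        c->refcount--;
}

/* Ordering from the summary: a step can fail before the count is set. */
static bool setup_buggy(struct copy_state *c, bool step_fails)
{
    if (step_fails) {
        cleanup_copy(c);   /* refcount is still 0: underflow */
        return false;
    }
    c->refcount = 1;
    return true;
}

/* Corrected ordering: initialise first, then run steps that can fail. */
static bool setup_fixed(struct copy_state *c, bool step_fails)
{
    c->refcount = 1;
    if (step_fails) {
        cleanup_copy(c);   /* 1 -> 0, balanced */
        return false;
    }
    return true;
}

/* Run the failing path and report whether cleanup underflowed. */
bool error_path_underflows(bool use_fixed)
{
    struct copy_state c = {0};  /* zero-filled object is an assumption */
    (use_fixed ? setup_fixed : setup_buggy)(&c, true);
    return c.underflowed;
}

int main(void)
{
    printf("buggy: %d\n", error_path_underflows(false));
    printf("fixed: %d\n", error_path_underflows(true));
    return 0;
}
```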
