CVE-2024-53066
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53066 is a recently identified vulnerability in the Linux kernel that affects the NFS (Network File System) module. The issue is caused by a failure to initialize the 'mdsthreshold' field in the 'fattr' structure, leading to a Kernel Memory Corruption (KMSAN) warning. This vulnerability can be exploited by a local attacker with root privileges, potentially resulting in arbitrary code execution. The issue has been resolved by initializing 'fattr->mdsthreshold' to NULL in 'nfs_fattr_init()'. The vulnerability was discovered in the function 'decode_getfattr_attrs()' during the decoding of NFS attributes. The CPU and hardware details for the affected system were provided in the warning message.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX