CVE-2024-53146
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53146 is a recently resolved vulnerability in the Linux kernel. This issue affected the NFS (Network File System) component, specifically the nfsd subsystem. The problem stemmed from a potential integer overflow in the decode_cb_compound4res() function. If the tag length was larger than the maximum value of a 32-bit unsigned integer (U32_MAX), an addition operation involving the length and 4 could result in an integer overflow. To mitigate this risk, the Linux developers implemented a solution that splits the decoding process into several steps to prevent the unsafe arithmetic operation on the length value.
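The arithmetic described in the summary, shown as an added user-space illustration; it is not kernel source and not the actual patch. The names `cursor`, `take`, `get_u32`, `combined_check_passes` and `decode_stepwise`, and both sample replies, are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space cursor over a received reply (not kernel code). */
struct cursor { const uint8_t *p; size_t left; };

/* Hand out n bytes only if they are really in the buffer. */
static const uint8_t *take(struct cursor *c, size_t n) {
    const uint8_t *q = c->p;
    if (n > c->left) return NULL;
    c->p += n; c->left -= n;
    return q;
}

/* Read one big-endian 32-bit word, as XDR encodes integers. */
static int get_u32(struct cursor *c, uint32_t *out) {
    const uint8_t *q = take(c, 4);
    if (!q) return -1;
    *out = (uint32_t)q[0] << 24 | (uint32_t)q[1] << 16 | (uint32_t)q[2] << 8 | q[3];
    return 0;
}

/* Flawed pattern: one 32-bit "length + 4" bounds check; returns 1 if it passes. */
static int combined_check_passes(const uint8_t *buf, size_t len) {
    struct cursor c = { buf, len };
    uint32_t status, length;
    if (get_u32(&c, &status) || get_u32(&c, &length)) return 0;
    return take(&c, (uint32_t)(length + 4)) != NULL; /* wraps near UINT32_MAX */
}

/* Stepwise pattern: bounds-check the tag alone, then read the next field. */
static int decode_stepwise(const uint8_t *buf, size_t len, uint32_t *status, uint32_t *nops) {
    struct cursor c = { buf, len };
    uint32_t length;
    if (get_u32(&c, status) || get_u32(&c, &length)) return -1;
    uint64_t padded = ((uint64_t)length + 3) & ~(uint64_t)3; /* XDR pads to 4 bytes */
    if (padded > c.left || !take(&c, (size_t)padded)) return -1;
    return get_u32(&c, nops);
}

/* Constructed replies: status, tag length, tag bytes, operation count. */
static const uint8_t good[] = { 0,0,0,0, 0,0,0,3, 'a','b','c',0, 0,0,0,2 };
static const uint8_t oversized[] = { 0,0,0,0, 0xff,0xff,0xff,0xfe, 0,0,0,1 };

int main(void) {
    uint32_t st, n;
    printf("combined check passes: good=%d oversized=%d; stepwise: good=%d oversized=%d\n",
           combined_check_passes(good, sizeof good), combined_check_passes(oversized, sizeof oversized),
           decode_stepwise(good, sizeof good, &st, &n), decode_stepwise(oversized, sizeof oversized, &st, &n));
    return 0;
}
```

The combined check accepts the oversized tag length because the sum wraps to 2, while the stepwise decoder rejects it before any further field is read.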