CVE-2024-6759

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 22

Summary

CVE-2024-6759 is a newly identified vulnerability affecting the Linux kernel's NFS (Network File System) implementation. The issue arises from the kernel's failure to sanitize remotely provided filenames for the path separator character, "/". Consequently, readdir(3) and related functions can inadvertently return filesystem entries containing unintended path components. This situation, known as the "confused deputy problem," could lead to unintended file copying from outside the intended source or destination directories.
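As an added illustration (not code from the advisory or from any kernel patch), a user-space tool that copies files by walking a directory can refuse to trust names returned by readdir(3) that contain "/". The function names `dirent_name_is_safe`, `join_checked` and `scan_dir` are hypothetical, and this is a defence-in-depth check in the consuming program, not the kernel fix itself.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if a name handed back by readdir(3) is a single path
 * component that is safe to join onto a directory, else 0. */
int dirent_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* A directory entry must never carry the path separator. */
    return strchr(name, '/') == NULL;
}

/* Builds "dir/name" into out. Returns 0 on success, -1 with errno set. */
int join_checked(char *out, size_t outlen, const char *dir, const char *name)
{
    if (!dirent_name_is_safe(name)) { errno = EINVAL; return -1; }
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Walks dir; unsafe names are counted and reported, never turned into paths. */
int scan_dir(const char *dir, int *accepted, int *rejected)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    struct dirent *e;
    char path[4096];
    *accepted = *rejected = 0;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;                      /* normal entries, just skipped */
        if (join_checked(path, sizeof path, dir, e->d_name) == 0) {
            (*accepted)++;                 /* path is now safe to open or copy */
        } else {
            fprintf(stderr, "rejecting entry \"%s\" in %s\n", e->d_name, dir);
            (*rejected)++;
        }
    }
    closedir(d);
    return 0;
}
```

A non-zero `rejected` count on an NFS mount is worth logging as a signal that the server returned a malformed directory listing.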
