CVE-2024-6759
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 22
Summary
CVE-2024-6759 is a newly identified vulnerability affecting the Linux kernel's NFS (Network File System) implementation. The issue arises from the kernel's failure to sanitize remotely provided filenames for the path separator character, "/". Consequently, readdir(3) and related functions can inadvertently return filesystem entries containing unintended path components. This situation, known as the "confused deputy problem," could lead to unintended file copying from outside the intended source or destination directories.
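An added example, not code from the affected project or from this page: a userland check that a directory-walking tool can apply to each name returned by readdir(3) before building a path from it, so an entry containing "/" is rejected instead of being followed. The function names are hypothetical, and rejecting "." and ".." and empty names as well is an assumption of this example.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if name is a single path component that is safe to append to a
 * directory path: non-empty, no '/' separator, and not "." or "..". */
int is_single_component(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strchr(name, '/') != NULL)   /* the separator this CVE concerns */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Build "dir/name" into out. Returns 0 on success, -1 if the name is
 * rejected or the joined path would not fit in outlen bytes. */
int safe_join(char *out, size_t outlen, const char *dir, const char *name)
{
    int n;
    if (!is_single_component(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Walk one directory and count entries that safe_join() refuses.
 * Returns -1 if the directory cannot be opened. */
int count_rejected_entries(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    char path[4096];
    int rejected = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;                /* ordinary entries, not a finding */
        if (safe_join(path, sizeof path, dir, e->d_name) != 0)
            rejected++;              /* never open or copy this entry */
    }
    closedir(d);
    return rejected;
}
```

A non-zero count on a directory backed by a remote mount is worth logging, since a well-behaved server never returns such names.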
Affected Products
- FreeBSD
Affected Vendors
- FreeBSD Project