CVE-2024-35914

MEDIUM

Linux Kernel 6.8-6.8.5 - Denial of Service via Improper Locking in nfsd_rename

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd

Patch

https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (9)

linux/Kernel 6.8.0 - 6.8.5linux

Linux/Linux < 6.8

Linux/Linux 6.8

Linux/Linux 6.8.5 - 6.8.*

Linux/Linux 6.9

Linux/Linux a8b0026847b8c43445c921ad2c85521c92eb175f - 331e125e02c08ffaecc1074af78a988a278039bd

Linux/Linux a8b0026847b8c43445c921ad2c85521c92eb175f - 9fe6e9e7b58944037714442384075c17cfde1c56

linux/linux_kernel 6.9 rc1

linux/linux_kernel 6.8 - 6.8.5

Published May 19, 2024

Tracked Since Feb 18, 2026