CVE-2024-36958

MEDIUM

Linux Kernel 6.7-6.8.10 - Denial of Service via Uninitialized ACL in nfsd4_encode_fattr4

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4().

References (3)

Core 3

Core References

Third Party Advisory

https://security.netapp.com/advisory/ntap-20250404-0007/

Patch

https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc

Patch

https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 17.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (18)

linux/Kernel 6.7.0 - 6.8.10linux

Linux/Linux < 6.7

Linux/Linux 6.7

Linux/Linux 6.8.10 - 6.8.*

Linux/Linux 6.9

Linux/Linux 83ab8678ad0c6f27594c716cafe59c8bbd5e49ef - 18180a4550d08be4eb0387fe83f02f703f92d4e7

Linux/Linux 83ab8678ad0c6f27594c716cafe59c8bbd5e49ef - 6a7b07689af6e4e023404bf69b1230f43b2a15bc

linux/linux_kernel 6.9 rc1 (6 CPE variants)

linux/linux_kernel 6.7 - 6.8.10

netapp/converged_systems_advisor_agent

... and 8 more

Published May 30, 2024

Tracked Since Feb 18, 2026