CVE-2024-50241

MEDIUM

Linux Kernel < 6.11.7 - Use of Uninitialized Resource

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early. cleanup_async_copy() will reference these fields if an error occurs in nfsd4_copy(). If they are not correctly initialized, at the very least, a refcount underflow occurs.

References (6)

[Patch] https://git.kernel.org/stable/c/059434d23c4578d9d02efb92d848ea21bc640112

[Patch] https://git.kernel.org/stable/c/421f1a2a1afb47d88de09457ef7687e1df7bc997

[Patch] https://git.kernel.org/stable/c/7267625baf365a969f1b25ded6f07b64bc90ec5b

[Patch] https://git.kernel.org/stable/c/c3074003fa6837c2b89a34d8d12d9463b59d22d6

[Mailing List, Patch] https://git.kernel.org/stable/c/63fab04cbd0f96191b6e5beedc3b643b01c15889

[Mailing List, Patch] https://git.kernel.org/stable/c/e30a9a2f69c34a00a3cb4fd45c5d231929e66fb1

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-908

Status published

Products (3)

linux/Kernel 6.11.3 - 6.11.7linux

linux/linux_kernel 6.12 rc1 (5 CPE variants)

linux/linux_kernel 6.10.14 - 6.11.7

Published Nov 09, 2024

Tracked Since Feb 18, 2026