CVE-2024-36958
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/05/2024
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
NFSD: Fix nfsd4_encode_fattr4() crasher<br />
<br />
Ensure that args.acl is initialized early. It is used in an<br />
unconditional call to kfree() on the way out of<br />
nfsd4_encode_fattr4().
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7
- https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc
- https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7
- https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc
- https://security.netapp.com/advisory/ntap-20250404-0007/