In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.
History

Thu, 19 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 06 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Sun, 29 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-665
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 13 Sep 2024 23:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 13 Sep 2024 05:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.
Title nfsd: ensure that nfsd4_fattr_args.context is zeroed out
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-13T05:29:24.787Z

Updated: 2024-12-19T09:21:11.823Z

Reserved: 2024-09-11T15:12:18.250Z

Link: CVE-2024-46697

cve-icon Vulnrichment

Updated: 2024-09-29T15:05:20.313Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-13T06:15:14.500

Modified: 2024-09-19T17:53:43.173

Link: CVE-2024-46697

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-13T00:00:00Z

Links: CVE-2024-46697 - Bugzilla