CVE-2024-46682

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 476

Summary

CVE-2024-46682 is a vulnerability in the Linux kernel affecting the NFSv4.0 protocol that can cause a kernel panic through a NULL pointer dereference when information about closed files is displayed. The issue arises from changes made in commit 3f29cc82a84c, after which the nfs4_show_open() function attempts to access an invalid file reference for closed state identifiers. To remediate this vulnerability, apply the patches referenced in the links provided, which prevent attempts to display information that relies on non-existent file references. The vulnerability is rated medium severity, and its availability impact score indicates that it can lead to service disruptions if exploited locally. Organizations running affected Linux kernel versions should update their systems immediately.
