CVE-2024-50121

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 416

Summary

CVE-2024-50121: A vulnerability was identified in the Linux kernel's NFS (Network File System) subsystem, specifically in the nfsd (NFS daemon) component. If `nfsd_shrinker_work` is not canceled properly when the NFS service shuts down, objects can remain in the `nfsd_file` cache. This results in use-after-free errors and warnings and can make the system unstable. The recommended mitigation is to modify the `nfs4_state_shutdown_net` function so that it cancels `nfsd_shrinker_work` in synchronous mode.
