CVE-2024-53146

NFSD: Prevent a potential integer overflow

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an integer overflow. Address this by splitting the
decoding into several steps so that decode_cb_compound4res() does
not have to perform arithmetic on the unsafe length value.

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-24 CVE Published
2025-04-25 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (11)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8	2024-12-05
https://git.kernel.org/stable/c/90adbae9dd158da8331d9fdd32077bd1af04f553	2024-12-14
https://git.kernel.org/stable/c/3c5f545c9a1f8a1869246f6f3ae8c17289d6a841	2024-12-14
https://git.kernel.org/stable/c/842f1c27a1aef5367e535f9e85c8c3b06352151a	2024-12-14
https://git.kernel.org/stable/c/de53c5305184ca1333b87e695d329d1502d694ce	2024-12-14
https://git.kernel.org/stable/c/dde654cad08fdaac370febb161ec41eb58e9d2a2	2024-12-09
https://git.kernel.org/stable/c/084f797dbc7e52209a4ab6dbc7f0109268754eb9	2024-12-05
https://git.kernel.org/stable/c/ccd3394f9a7200d6b088553bf38e688620cd27af	2024-12-05
https://git.kernel.org/stable/c/7f33b92e5b18e904a481e6e208486da43e4dc841	2024-11-11

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-53146	2025-05-13
https://bugzilla.redhat.com/show_bug.cgi?id=2333973	2025-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13"		en		Affected