CVE-2024-53173

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same
time, and are forced to abort before a reply is seen, then the call to
nfs_release_seqid() in nfs4_opendata_free() can result in a
use-after-free of the pointer to the defunct rpc task of the other
thread.
The fix is to ensure that if the RPC call is aborted before the call to
nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()
in nfs4_open_release() before the rpc_task is freed.

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-27 CVE Published
2025-04-28 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/24ac23ab88df5b21b5b2df8cde748bf99b289099	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1cfae9575296f5040cdc84b0730e79078c081d2d	2024-12-05
https://git.kernel.org/stable/c/7bf6bf130af8ee7d93a99c28a7512df3017ec759	2024-12-14
https://git.kernel.org/stable/c/5237a297ffd374a1c4157a53543b7a69d7bbbc03	2024-12-14
https://git.kernel.org/stable/c/2ab9639f16b05d948066a6c4cf19a0fdc61046ff	2024-12-14
https://git.kernel.org/stable/c/ba6e6c04f60fe52d91520ac4d749d372d4c74521	2024-12-14
https://git.kernel.org/stable/c/229a30ed42bb87bcb044c5523fabd9e4f0e75648	2024-12-09
https://git.kernel.org/stable/c/e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77	2024-12-05
https://git.kernel.org/stable/c/b56ae8e715557b4fc227c9381d2e681ffafe7b15	2024-12-05
https://git.kernel.org/stable/c/2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889	2024-11-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-53173	2025-05-13
https://bugzilla.redhat.com/show_bug.cgi?id=2334398	2025-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.13"		en		Affected