CVE-2024-53173

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same
time, and are forced to abort before a reply is seen, then the call to
nfs_release_seqid() in nfs4_opendata_free() can result in a
use-after-free of the pointer to the defunct rpc task of the other
thread.
The fix is to ensure that if the RPC call is aborted before the call to
nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()
in nfs4_open_release() before the rpc_task is freed.

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

CVSS Scores

CISAv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-27 CVE Published
2025-02-11 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/24ac23ab88df5b21b5b2df8cde748bf99b289099	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1cfae9575296f5040cdc84b0730e79078c081d2d	2024-12-05
https://git.kernel.org/stable/c/7bf6bf130af8ee7d93a99c28a7512df3017ec759	2024-12-14
https://git.kernel.org/stable/c/5237a297ffd374a1c4157a53543b7a69d7bbbc03	2024-12-14
https://git.kernel.org/stable/c/2ab9639f16b05d948066a6c4cf19a0fdc61046ff	2024-12-14
https://git.kernel.org/stable/c/ba6e6c04f60fe52d91520ac4d749d372d4c74521	2024-12-14
https://git.kernel.org/stable/c/229a30ed42bb87bcb044c5523fabd9e4f0e75648	2024-12-09
https://git.kernel.org/stable/c/e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77	2024-12-05
https://git.kernel.org/stable/c/b56ae8e715557b4fc227c9381d2e681ffafe7b15	2024-12-05
https://git.kernel.org/stable/c/2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889	2024-11-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.16 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.16 < 6.13"		en		Affected