CVE-2024-57927
MEDIUM EPSS 6.6%
Published Jan 19, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Jan 19, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf of nfs, it creates a new write request and calls nfs_netfs_init_request() to initialise it, but with a NULL file pointer. This causes nfs_file_open_context() to oops - however, we don't actually need the nfs context as we're only going to write to the cache. Fix this by just returning if we aren't given a file pointer and emit a warning if the request was for something other than copy-to-cache. Further, fix nfs_netfs_free_request() so that it doesn't try to free the context if the pointer is NULL.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 7
References 2
- git.kernel.org https://git.kernel.org/stable/c/13a07cc81e2d116cece727a83746c74b87a9d417
- git.kernel.org https://git.kernel.org/stable/c/86ad1a58f6a9453f49e06ef957a40a8dac00a13f
Remediation
- git.kernel.org https://git.kernel.org/stable/c/13a07cc81e2d116cece727a83746c74b87a9d417
- git.kernel.org https://git.kernel.org/stable/c/86ad1a58f6a9453f49e06ef957a40a8dac00a13f