216.73.216.6

CVE-2024-46697

· Published 13/09/2024 06:15 · Modified 19/09/2024 17:53

Labels: CVE-2024-46697 2024-09-13416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-46697CWE-665

Essential information

Published
13/09/2024 06:15
Modified
19/09/2024 17:53
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*

References