Products
Linux kernel
linux_kernel
- *
linux_kernel
- 6
- .
- 1
- 1
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2024-46696 details
Published : Sept. 13, 2024, 6:15 a.m.
Last Modified : Sept. 13, 2024, 4:52 p.m.
Last Modified : Sept. 13, 2024, 4:52 p.m.
Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://git.kernel.org/stable/c/1116e0e372eb16dd907ec571ce5d4af325c55c10 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| https://git.kernel.org/stable/c/e0b66698a5ae41078f7490e8b3527013f5fccd6c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | linux | linux_kernel | / | / | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc1 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc2 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc3 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc4 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc5 | / | / | / | / | / | / |
This website uses the NVD API, but is not approved or certified by it.