CVE-2024-46696 Information
Sep 14, 2024
cve
Description
In the Linux kernel the following vulnerability has been resolved:
nfsd: fix potential UAF in nfsd4_cb_getattr_release
Once we drop the delegation reference the fields embedded in it are no longer safe to access. Do that last.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://git.kernel.org/stable/c/e0b66698a5ae41078f7490e8b3527013f5fccd6c https://git.kernel.org/stable/c/1116e0e372eb16dd907ec571ce5d4af325c55c10
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: