Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-53066 |
CWE-ID | CWE-908 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU100730
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53066
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747
http://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2
http://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3
http://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00
http://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b
http://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549
http://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92
http://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.