SB2025010921 - Memory leak in Linux kernel nfsd
Published: January 9, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025010921
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-56779)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0ab0a3ad24e970e894abcac58f85c332d1726749
- https://git.kernel.org/stable/c/2d505a801e57428057563762f67a5a62009b2600
- https://git.kernel.org/stable/c/37dfc81266d3a32294524bfadd3396614f8633ee
- https://git.kernel.org/stable/c/45abb68c941ebc9a35c6d3a7b08196712093c636
- https://git.kernel.org/stable/c/6f73f920b7ad0084373e46121d7ac34117aed652
- https://git.kernel.org/stable/c/98100e88dd8865999dc6379a3356cd799795fe7b
- https://git.kernel.org/stable/c/a85364f0d30dee01c5d5b4afa55a9629a8f36d8e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.287