CVE-2024-53217 : In the Linux kernel, the following vulnerability has been resolved: NFSD: Preve

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault.

Published 2024-12-27 13:50:03

Updated 2025-01-31 15:59:34

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-53217

Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.120
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.11.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.174
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.231
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.64
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 2.6.38 and before (<) 4.19.325
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.12 and before (<) 6.12.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.287
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-53217

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-53217

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-01-31
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-53217

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-53217

https://git.kernel.org/stable/c/752a75811f27300fe8131b0a1efc91960f6f88e7

NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/eb51733ae5fc73d95bd857d5da26f9f65b202a79

NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/cac1405e3ff6685a438e910ad719e0cf06af90ee

NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/c5d90f9302742985a5078e42ac38de42c364c44a

NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/1e02c641c3a43c88cecc08402000418e15578d38

Patch
https://git.kernel.org/stable/c/d9a0d1f6e15859ea7a86a327f28491e23deaaa62

Patch
https://git.kernel.org/stable/c/4a4ffc1aa9d618e41ad9151f40966e402e58a5a2

Patch
https://git.kernel.org/stable/c/0c3b0e326f838787d229314d4de83af9c53347e8

Patch
https://git.kernel.org/stable/c/03178cd8f67227015debb700123987fe96275cd1

Patch

Jump to

Vulnerability Details : CVE-2024-53217

Products affected by CVE-2024-53217

Exploit prediction scoring system (EPSS) score for CVE-2024-53217

CVSS scores for CVE-2024-53217

CWE ids for CVE-2024-53217

References for CVE-2024-53217