Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2021-47259

Published: 21/05/2024 Updated: 21/05/2024

Vulnerability Summary

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting somewhere between 5.7 and 5.10, but I traced the patch that introduced the clear_bit() call to 4.13. So something must have changed in the refcounting of the clp pointer to make this call to nfs_put_client() the very last one.

References

https://git.kernel.org/stable/c/c7eab9e2d7b4e983ce280276fb920af649955897https://git.kernel.org/stable/c/42c10b0db064e45f5c5ae7019bbf2168ffab766chttps://git.kernel.org/stable/c/3e3c7ebbfac152d08be75c92802a64a1f6471a15https://git.kernel.org/stable/c/c3b6cf64dfe4ef96e7341508d50d6998da7062c7https://git.kernel.org/stable/c/72651c6579a25317a90536181d311c663d0329abhttps://git.kernel.org/stable/c/476bdb04c501fc64bf3b8464ffddefc8dbe01577https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065open redirectCVE-2024-1086path traversalCVE-2024-29825XXECVE-2024-29822CVE-2024-20696CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook