CVE-2024-53173
Published: Dec 27, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 24ac23ab88df5b21b5b2df8cde748bf99b289099 - < 1cfae9575296f5040cdc84b0730e79078c081d2daffected 24ac23ab88df5b21b5b2df8cde748bf99b289099 - < 7bf6bf130af8ee7d93a99c28a7512df3017ec759affected 24ac23ab88df5b21b5b2df8cde748bf99b289099 - < 5237a297ffd374a1c4157a53543b7a69d7bbbc03affected 24ac23ab88df5b21b5b2df8cde748bf99b289099 - < 2ab9639f16b05d948066a6c4cf19a0fdc61046ffaffected 24ac23ab88df5b21b5b2df8cde748bf99b289099 - < ba6e6c04f60fe52d91520ac4d749d372d4c74521+4 more versions |
Linux | Linux | affected 2.6.16unaffected 0 - < 2.6.16unaffected 4.19.325 - <= 4.19.*unaffected 5.4.287 - <= 5.4.*unaffected 5.10.231 - <= 5.10.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now