CVE-2024-50043

UNKNOWN 0.0

nfsd: fix possible badness in FREE_STATEID

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix possible badness in FREE_STATEID When multiple FREE_STATEIDs are sent for the same delegation stateid, it can lead to a possible either use-after-free or counter refcount underflow errors. In nfsd4_free_stateid() under the client lock we find a delegation stateid, however the code drops the lock before calling nfs4_put_stid(), that allows another FREE_STATE to find the stateid again. The first one will proceed to then free the stateid which leads to either use-after-free or decrementing already zeroed counter.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 21, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

3f29cc82a84c23cfd12b903029dd26002ca825f5 < 7ca9e472ce5c67daa3188a348ece8c02a0765039 3f29cc82a84c23cfd12b903029dd26002ca825f5 < c88c150a467fcb670a1608e2272beeee3e86df6e

Linux / Linux

6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/7ca9e472ce5c67daa3188a348ece8c02a0765039 git.kernel.org: https://git.kernel.org/stable/c/c88c150a467fcb670a1608e2272beeee3e86df6e