CVE-2024-53173

HIGH 7.8

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 27, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

24ac23ab88df5b21b5b2df8cde748bf99b289099 < 1cfae9575296f5040cdc84b0730e79078c081d2d 24ac23ab88df5b21b5b2df8cde748bf99b289099 < 7bf6bf130af8ee7d93a99c28a7512df3017ec759 24ac23ab88df5b21b5b2df8cde748bf99b289099 < 5237a297ffd374a1c4157a53543b7a69d7bbbc03 24ac23ab88df5b21b5b2df8cde748bf99b289099 < 2ab9639f16b05d948066a6c4cf19a0fdc61046ff 24ac23ab88df5b21b5b2df8cde748bf99b289099 < ba6e6c04f60fe52d91520ac4d749d372d4c74521 24ac23ab88df5b21b5b2df8cde748bf99b289099 < 229a30ed42bb87bcb044c5523fabd9e4f0e75648 24ac23ab88df5b21b5b2df8cde748bf99b289099 < e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77 24ac23ab88df5b21b5b2df8cde748bf99b289099 < b56ae8e715557b4fc227c9381d2e681ffafe7b15 24ac23ab88df5b21b5b2df8cde748bf99b289099 < 2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889

Linux / Linux

2.6.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗