CVE-2024-43826

In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722	Patch
https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-17 10:15

Updated : 2025-09-29 15:28

NVD link : CVE-2024-43826

Mitre link : CVE-2024-43826

CVE.ORG link : CVE-2024-43826

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-43826", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T10:15:08.593", "references": [{"url": "https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes. E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\nand length. This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: pasar compensaci\u00f3n/recuento expl\u00edcito para rastrear eventos nfs_folio_length no es seguro de usar sin tener el folio bloqueado y una verificaci\u00f3n de NULL ->f_mapping que protege contra truncamientos y puede llevar al kernel accidentes. Por ejemplo, cuando se ejecuta xfstests generic/065 con todos los puntos de seguimiento nfs habilitados. Siga el modelo de los puntos de seguimiento XFS y pase un desplazamiento y una longitud expl\u00edcitos. Esto tiene el beneficio adicional de que estos valores pueden ser m\u00e1s precisos ya que algunos de los usuarios tocan rangos de folios parciales."}], "lastModified": "2025-09-29T15:28:17.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6F82DA-1324-4F20-9478-213502A06158", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.3"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}