Memory Corruption Issue in Linux Kernel NFSv3 LocalIO
CVE-2024-56740
Summary
The vulnerability arises because the NFSv3 LOCALIO code in the Linux kernel does not clear the res.replen field in the nfs_local_read_done function. Stale data left in that field leads to memory corruption and critical errors during read operations. The issue manifests during a transition from LOCALIO to standard RPC calls under heavy I/O load, such as when the NFSv3 server experiences interruptions. As a result, data can be placed at the wrong memory locations, compromising data integrity and operational stability.
Affected Version(s)
Linux 70ba381e1a431245c137ed597ec6a05991c79bd9
Linux 70ba381e1a431245c137ed597ec6a05991c79bd9 < 650703bc4ed3edf841e851c99ab8e7ba9e5262a3
Linux 6.12