CVE-2024-46697

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46697

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46697.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-46697

Downstream

BELL-CVE-2024-46697

DEBIAN-CVE-2024-46697

RHSA-2024:11486

UBUNTU-CVE-2024-46697

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Related

ALSA-2024:11486

Published

2024-09-13T05:29:24Z

Modified

2025-10-22T02:12:31.364879Z

Summary

nfsd: ensure that nfsd4_fattr_args.context is zeroed out

Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: ensure that nfsd4fattrargs.context is zeroed out

If nfsd4encodefattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f59388a579c6a395de8f7372b267d3abecd8d6bf

Fixed

dd65b324174a64558a16ebbf4c3266e5701185d0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f59388a579c6a395de8f7372b267d3abecd8d6bf

Fixed

f58bab6fd4063913bd8321e99874b8239e9ba726

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.10.8