CVE-2024-46697
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-46697
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46697.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-46697
- Downstream
- Related
- Published
- 2024-09-13T05:29:24Z
- Modified
- 2025-10-15T14:22:14.292135Z
- Summary
- nfsd: ensure that nfsd4_fattr_args.context is zeroed out
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfsd: ensure that nfsd4fattrargs.context is zeroed out
If nfsd4encodefattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf59388a579c6a395de8f7372b267d3abecd8d6bfFixeddd65b324174a64558a16ebbf4c3266e5701185d0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf59388a579c6a395de8f7372b267d3abecd8d6bfFixedf58bab6fd4063913bd8321e99874b8239e9ba726
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "fs/nfsd/nfs4xdr.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"60168329413666679064200621515415867829",
"11787484903198510755278757542795931345",
"49774974952971208277092573654849949239",
"200679468188771908636472881845070759162",
"35994769077252429974118477803041617892",
"300019401970463336164342353904527195537",
"19301271351346344435429735507747549802",
"157415313350505721667318219293130986211"
],
"threshold": 0.9
},
"id": "CVE-2024-46697-27e8d4f8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f58bab6fd4063913bd8321e99874b8239e9ba726"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "fs/nfsd/nfs4xdr.c",
"function": "nfsd4_encode_fattr4"
},
"deprecated": false,
"digest": {
"length": 3854.0,
"function_hash": "225535718653131869400267839778875770314"
},
"id": "CVE-2024-46697-6faa0bc4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f58bab6fd4063913bd8321e99874b8239e9ba726"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "fs/nfsd/nfs4xdr.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"60168329413666679064200621515415867829",
"11787484903198510755278757542795931345",
"49774974952971208277092573654849949239",
"200679468188771908636472881845070759162",
"35994769077252429974118477803041617892",
"300019401970463336164342353904527195537",
"19301271351346344435429735507747549802",
"157415313350505721667318219293130986211"
],
"threshold": 0.9
},
"id": "CVE-2024-46697-baab60e0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dd65b324174a64558a16ebbf4c3266e5701185d0"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "fs/nfsd/nfs4xdr.c",
"function": "nfsd4_encode_fattr4"
},
"deprecated": false,
"digest": {
"length": 3854.0,
"function_hash": "225535718653131869400267839778875770314"
},
"id": "CVE-2024-46697-f528608d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dd65b324174a64558a16ebbf4c3266e5701185d0"
}
]
}