CVE-2024-58092

medium

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization Get rid of the nfsd4_legacy_tracking_ops->init() call in check_for_legacy_methods(). That will be handled in the caller (nfsd4_client_tracking_init()). Otherwise, we'll wind up calling nfsd4_legacy_tracking_ops->init() twice, and the second time we'll trigger the BUG_ON() in nfsd4_init_recdir().

References

https://git.kernel.org/stable/c/de71d4e211eddb670b285a0ea477a299601ce1ca

https://git.kernel.org/stable/c/cdd66082b227eb695cbf54b7c121ea032e869981

https://git.kernel.org/stable/c/95407304253a4bf03494d921c6913e220c26cc63

Details

Source: Mitre, NVD

Published: 2025-04-16

Updated: 2025-04-16

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017