Bottlerocket: bottlerocket-kernel-5.10, kernel-5.10: security update to 5.10.233bottlerocket-kernel-5.15, kernel-5.15: security update to 5.15.176bottlerocket-kernel-6.1, kernel-6.1: security update to 6.1.124

high Tenable Cloud Security Plugin ID 428098

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using
sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`,
the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to
the hashed `nfs4_client`. If the `nfsd_client_shrinker` is running concurrently, the `expire_client`
function will first unhash this client and then destroy it. This can lead to the following warning.
Additionally, numerous use-after-free errors may occur as well. nfsd_client_shrinker echo 0 >
/proc/fs/nfsd/threads expire_client nfsd_shutdown_net unhash_client ... nfs4_state_shutdown_net /* won't
wait shrinker exit */ /* cancel_work(&nn->nfsd_shrinker_work) * nfsd_file for this /* won't destroy
unhashed client1 */ * client1 still alive nfs4_state_destroy_net */ nfsd_file_cache_shutdown /* trigger
warning */ kmem_cache_destroy(nfsd_file_slab) kmem_cache_destroy(nfsd_file_mark_slab) /* release nfsd_file
and mark */ __destroy_client ==================================================================== BUG
nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown()
-------------------------------------------------------------------- CPU: 4 UID: 0 PID: 764 Comm: sh Not
tainted 6.12.0-rc3+ #1 dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310
kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xac/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0
[nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0
[nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================== BUG nfsd_file_mark (Tainted: G B W ):
Objects remaining nfsd_file_mark on __kmem_cache_shutdown()
-------------------------------------------------------------------- dump_stack_lvl+0x53/0x70
slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160
nfsd_file_cache_shutdown+0xc8/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0
[nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0
ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e To resolve this
issue, cancel `nfsd_shrinker_work` using synchronous mode in nfs4_state_shutdown_net. (CVE-2024-50121)

Plugin Details

Severity: High

ID: 428098

Version: Revision 1.2

Type: Local

Published: 6/30/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-50121

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2024-50121