CVE-2024-46697

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46697
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46697.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-46697
Published
2024-09-13T06:15:14Z
Modified
2025-08-09T20:01:25Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: ensure that nfsd4_fattr_args.context is zeroed out

If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.

References

Affected packages