CVE-2024-53146

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-53146

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53146.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53146

Downstream

BELL-CVE-2024-53146

DEBIAN-CVE-2024-53146

DLA-4075-1

DLA-4076-1

OESA-2025-1032

OESA-2025-1033

OESA-2025-1034

OESA-2025-1036

OESA-2025-1037

RHSA-2025:6966

SUSE-SU-2025:0117-1

SUSE-SU-2025:0152-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0202-1

SUSE-SU-2025:0203-1

SUSE-SU-2025:0229-1

SUSE-SU-2025:0230-1

SUSE-SU-2025:0231-1

SUSE-SU-2025:0236-1

SUSE-SU-2025:02387-1

SUSE-SU-2025:02388-1

SUSE-SU-2025:02389-1

SUSE-SU-2025:02390-1

SUSE-SU-2025:02391-1

SUSE-SU-2025:02392-1

SUSE-SU-2025:02396-1

SUSE-SU-2025:02398-1

SUSE-SU-2025:02400-1

SUSE-SU-2025:02401-1

SUSE-SU-2025:02403-1

SUSE-SU-2025:02410-1

SUSE-SU-2025:02411-1

SUSE-SU-2025:02412-1

SUSE-SU-2025:02415-1

SUSE-SU-2025:02416-1

SUSE-SU-2025:02419-1

SUSE-SU-2025:02420-1

SUSE-SU-2025:02422-1

SUSE-SU-2025:02428-1

SUSE-SU-2025:02433-1

SUSE-SU-2025:02434-1

SUSE-SU-2025:02436-1

SUSE-SU-2025:02440-1

SUSE-SU-2025:02446-1

SUSE-SU-2025:02449-1

SUSE-SU-2025:02454-1

SUSE-SU-2025:02455-1

SUSE-SU-2025:02459-1

SUSE-SU-2025:02507-1

SUSE-SU-2025:0289-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

SUSE-SU-2025:20517-1

SUSE-SU-2025:20518-1

SUSE-SU-2025:20519-1

SUSE-SU-2025:20525-1

SUSE-SU-2025:20526-1

SUSE-SU-2025:20527-1

SUSE-SU-2025:20540-1

SUSE-SU-2025:20541-1

SUSE-SU-2025:20544-1

SUSE-SU-2025:20545-1

SUSE-SU-2025:4123-1

Related

Published

2024-12-24T11:28:46.883Z

Modified

2026-03-11T07:50:33.581614Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

NFSD: Prevent a potential integer overflow

Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Prevent a potential integer overflow

If the tag length is >= U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecb_compound4res() does not have to perform arithmetic on the unsafe length value.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53146.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

745f7ce5a95e783ba62fe774325829466aec2aa8

Fixed

90adbae9dd158da8331d9fdd32077bd1af04f553

Fixed

3c5f545c9a1f8a1869246f6f3ae8c17289d6a841

Fixed

842f1c27a1aef5367e535f9e85c8c3b06352151a

Fixed

de53c5305184ca1333b87e695d329d1502d694ce

Fixed

dde654cad08fdaac370febb161ec41eb58e9d2a2

Fixed

084f797dbc7e52209a4ab6dbc7f0109268754eb9

Fixed

ccd3394f9a7200d6b088553bf38e688620cd27af

Fixed

7f33b92e5b18e904a481e6e208486da43e4dc841

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53146.json"