CVE-2024-53173
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53173
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53173.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53173
- Downstream
- Related
- Published
- 2024-12-27T13:49:17.981Z
- Modified
- 2025-11-28T02:35:45.169746Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid() in nfs4opendatafree() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfswaitonsequence() is complete, then we must call nfsreleaseseqid() in nfs4openrelease() before the rpctask is freed.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53173.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1cfae9575296f5040cdc84b0730e79078c081d2d
- https://git.kernel.org/stable/c/229a30ed42bb87bcb044c5523fabd9e4f0e75648
- https://git.kernel.org/stable/c/2ab9639f16b05d948066a6c4cf19a0fdc61046ff
- https://git.kernel.org/stable/c/2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889
- https://git.kernel.org/stable/c/5237a297ffd374a1c4157a53543b7a69d7bbbc03
- https://git.kernel.org/stable/c/7bf6bf130af8ee7d93a99c28a7512df3017ec759
- https://git.kernel.org/stable/c/b56ae8e715557b4fc227c9381d2e681ffafe7b15
- https://git.kernel.org/stable/c/ba6e6c04f60fe52d91520ac4d749d372d4c74521
- https://git.kernel.org/stable/c/e2277a1d9d5cd0d625a4fd7c04fce2b53e66df77
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53173.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-53173
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced24ac23ab88df5b21b5b2df8cde748bf99b289099Fixed1cfae9575296f5040cdc84b0730e79078c081d2dFixed7bf6bf130af8ee7d93a99c28a7512df3017ec759Fixed5237a297ffd374a1c4157a53543b7a69d7bbbc03Fixed2ab9639f16b05d948066a6c4cf19a0fdc61046ffFixedba6e6c04f60fe52d91520ac4d749d372d4c74521Fixed229a30ed42bb87bcb044c5523fabd9e4f0e75648Fixede2277a1d9d5cd0d625a4fd7c04fce2b53e66df77Fixedb56ae8e715557b4fc227c9381d2e681ffafe7b15Fixed2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.16Fixed4.19.325
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.287
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.231
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.174
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.120
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.64
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.11
- Type
- ECOSYSTEM
- Events
-
Introduced6.12.0Fixed6.12.2