U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-47737 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL If not enough buffer space available, but idmap_lookup has triggered lookup_fn which calls cache_get and returns successfully. Then we missed to call cache_put here which pairs with cache_get. Reviwed-by: Jeff Layton <jlayton@kernel.org>


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056 Patch 
https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834 Patch 
https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd Patch 
https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134 Patch 
https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da Patch 
https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7 Patch 
https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-47737
NVD Published Date:
10/21/2024
NVD Last Modified:
10/23/2024
Source:
kernel.org