Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.7, < 6.8.10 |
| Netapp | Converged Systems Advisor Agent | - |
| Netapp | Solidfire \& Hci Management Node | - |
| Netapp | Solidfire \& Hci Storage Node | - |
| Netapp | Hci Compute Node | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
References
- https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7Patch
- https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bcPatch
- https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7Patch
- https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bcPatch
- https://security.netapp.com/advisory/ntap-20250404-0007/Third Party Advisory
FAQ
What is CVE-2024-36958?
CVE-2024-36958 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() ...
How severe is CVE-2024-36958?
CVE-2024-36958 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-36958?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Converged Systems Advisor Agent, Netapp Solidfire \& Hci Management Node, Netapp Solidfire \& Hci Storage Node, Netapp Hci Compute Node.