CVE-2024-53173

Updated: 2025-11-19 03:58:36.336758

Description:

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2025-02-05 02:16:43
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1740656525 2025-08-19 00:20:08
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1738672047 2025-02-19 06:51:51
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525834 2025-02-14 23:54:47
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525795 2025-02-14 23:54:47
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:14:26
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-02-26 07:13:12
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-02-26 07:13:12 CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo...
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1740598467 2025-02-26 21:53:50
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1742322442 2025-03-25 03:29:06
Total: 15