Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2024-53146

Published: December 25, 2024Last modified: December 25, 2024

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsFixed (6.1.120-r0)
Streamlinux-ltsFixed (6.6.64-r0)

References

ON THIS PAGE