CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label

Published Jul 29, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix memory leak in nfs4setsecuritylabel

We leak nfsfattr and nfs4label every time we set a security xattr.

Other sources

Linux Kernel is vulnerable to a denial of service, caused by a flaw in NFSv4. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

15 affected componentsFixes available
redhat/kernel<6.1.101
6.1.101
redhat/kernel<6.6.42
6.6.42
redhat/kernel<6.9.11
6.9.11
redhat/kernel<6.10
6.10
Linux Linux kernel<6.1.101
Linux Linux kernel>=6.2<6.6.42
Linux Linux kernel>=6.7<6.9.11
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux<=5.10.223-1, <=5.10.234-1
6.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Microsoft azl3 kernel 6.6.47.1-1
Patch available
Microsoft azl3 kernel 6.6.35.1-5
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/899604a7c958771840941caff9ee3dd8193d984c

Patch Available

https://git.kernel.org/stable/c/aad11473f8f4be3df86461081ce35ec5b145ba68

Patch Available

https://git.kernel.org/stable/c/b98090699319e64f5de1e8db5bb75870f1eb1c6e

Patch Available

https://git.kernel.org/stable/c/d130220ccc94d74d70da984a199477937e7bf03c

Event History

Jul 29, 2024
CVE Published
via MITRE·02:57 PM
Data Sourced
via MITRE·02:57 PM
Description
Data Sourced
via NVD·03:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Sep 11, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Dec 19, 2024
Data Sourced
via Ubuntu·12:31 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-41076?

CVE-2024-41076 has a high severity rating due to the potential for memory leaks in NFSv4 functionality.

2

How do I fix CVE-2024-41076?

To fix CVE-2024-41076, upgrade the Linux kernel to versions 6.1.101, 6.6.42, 6.9.11, 6.10, or applicable Debian kernels listed in the vulnerability report.

3

What impact does CVE-2024-41076 have on systems using the Linux kernel?

CVE-2024-41076 can lead to excessive memory usage over time due to memory leaks when setting security extended attributes in NFSv4.

4

Which Linux kernel versions are affected by CVE-2024-41076?

Versions prior to 6.1.101, between 6.2 and 6.6.42, and between 6.7 to 6.9.11 of the Linux kernel are affected by CVE-2024-41076.

5

Is there a workaround for CVE-2024-41076 if I cannot apply the patch immediately?

Currently, there are no known workarounds for CVE-2024-41076; it is recommended to apply the appropriate patches as soon as possible.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203