Количество 14
Количество 14
GHSA-x8r2-g34h-2v3j
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().
CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().
CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().
CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().
CVE-2025-38724
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved: n ...
ELSA-2025-20650
ELSA-2025-20650: Unbreakable Enterprise kernel security update (MODERATE)
ELSA-2025-20721
ELSA-2025-20721: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-20649
ELSA-2025-20649: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-20662
ELSA-2025-20662: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-20663
ELSA-2025-20663: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2025:3751-1
Security update for the Linux Kernel
SUSE-SU-2025:03600-1
Security update for the Linux Kernel
SUSE-SU-2025:03634-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-x8r2-g34h-2v3j In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked(). | 0% Низкий | 2 месяца назад | |
 | CVE-2025-38724 In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked(). | 0% Низкий | 2 месяца назад | |
 | CVE-2025-38724 In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked(). | CVSS3: 7 | 0% Низкий | 2 месяца назад |
 | CVE-2025-38724 In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked(). | 0% Низкий | 2 месяца назад | |
 | CVE-2025-38724 nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() | CVSS3: 6.8 | 0% Низкий | 2 месяца назад |
| CVE-2025-38724 In the Linux kernel, the following vulnerability has been resolved: n ... | 0% Низкий | 2 месяца назад | |
| ELSA-2025-20650 ELSA-2025-20650: Unbreakable Enterprise kernel security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-20721 ELSA-2025-20721: Unbreakable Enterprise kernel security update (IMPORTANT) | 13 дней назад | ||
| ELSA-2025-20649 ELSA-2025-20649: Unbreakable Enterprise kernel security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-20662 ELSA-2025-20662: Unbreakable Enterprise kernel security update (IMPORTANT) | 23 дня назад | ||
| ELSA-2025-20663 ELSA-2025-20663: Unbreakable Enterprise kernel security update (IMPORTANT) | 26 дней назад | ||
 | SUSE-SU-2025:3751-1 Security update for the Linux Kernel | 13 дней назад | ||
| SUSE-SU-2025:03600-1 Security update for the Linux Kernel | 21 день назад | ||
| SUSE-SU-2025:03634-1 Security update for the Linux Kernel | 19 дней назад |
Уязвимостей на страницу