NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-49974

Summary	In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector. Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit. An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy. If there is need to make the mechanism more sophisticated, we can visit that in future patches.
Publication Date	Oct. 22, 2024, 3:15 a.m.
Registration Date	Oct. 22, 2024, 12:02 p.m.
Last Update	Nov. 2, 2024, 1:52 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::		6.11			6.11.3
cpe:2.3:o:linux:linux_kernel::::::::					6.10.14

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db		Patch
2	https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b		Patch
3	https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752		Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 20, 2024, midnight
Registration Date	Nov. 5, 2024, 4:36 p.m.
Last Update	Nov. 5, 2024, 4:36 p.m.

Affected System

Linux

Linux Kernel 6.10.14 未満

Linux Kernel 6.11 以上 6.11.3 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-49974	https://www.cve.org/CVERecord?id=CVE-2024-49974
National Vulnerability Database (NVD)
2	CVE-2024-49974	https://nvd.nist.gov/vuln/detail/CVE-2024-49974

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	NFSD: Limit the number of concurrent async COPY operations (6a488ad)	https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b
2	NFSD: Limit the number of concurrent async COPY operations (aadc3bb)	https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752
3	NFSD: Limit the number of concurrent async COPY operations (b4e2143)	https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db
Linux Kernel
4	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月05日] 掲載	Nov. 5, 2024, 4:36 p.m.