CVE-2024-36958 in Linuxinfo

Summary

by MITRE • 05/30/2024

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix nfsd4_encode_fattr4() crasher

Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4().

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 10/01/2025

The vulnerability identified as CVE-2024-36958 represents a critical null pointer dereference issue within the Linux kernel's Network File System Daemon implementation. This flaw exists in the nfsd4_encode_fattr4() function which handles the encoding of file attributes for NFS version 4 operations. The vulnerability stems from improper initialization of the args.acl parameter, creating a scenario where the function attempts to free memory using kfree() on an uninitialized pointer. This type of error falls under the CWE-476 category of Null Pointer Dereference, which represents a fundamental programming error where code assumes a pointer will not be null but fails to validate this assumption before dereferencing. The issue specifically affects the NFSv4 server implementation that processes file attribute requests from clients.

The operational impact of this vulnerability is significant as it can lead to a system crash or denial of service condition within the Linux kernel. When the nfsd4_encode_fattr4() function processes file attribute requests, it fails to properly initialize the args.acl parameter before using it in an unconditional kfree() call. This creates an exploitable condition where an attacker could potentially trigger the crash by sending specially crafted NFSv4 requests to the affected system. The vulnerability directly relates to the ATT&CK technique T1499.004 which involves network denial of service attacks, and more specifically targets the kernel-level service availability by causing kernel panics. The crash occurs during the normal execution flow of the NFS daemon when it attempts to clean up memory resources, making this a particularly dangerous flaw as it can be triggered by legitimate NFS operations.

The mitigation strategy for CVE-2024-36958 involves ensuring that the args.acl parameter is properly initialized before being used in the nfsd4_encode_fattr4() function. This fix aligns with the fundamental security principle of input validation and proper resource management. System administrators should immediately apply the kernel patch that addresses this issue, as the vulnerability can be exploited remotely through NFSv4 connections without authentication. The fix implements early initialization of the ACL argument to prevent the null pointer dereference that leads to the kernel crash. Organizations running NFS services should also consider implementing network segmentation and access controls to limit exposure to this vulnerability. Regular kernel updates and vulnerability assessments should be maintained to ensure that similar issues are identified and addressed promptly. The resolution demonstrates the importance of proper resource management in kernel space code and highlights the need for comprehensive testing of memory allocation and deallocation sequences in critical system components.

Reservation

05/30/2024

Disclosure

05/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00236

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!