CVE-2024-35914

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd	Patch
https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56	Patch
https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd	Patch
https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::

History

23 Sep 2025, 15:14

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-667
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd -~~	() https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd - Patch
References	~~() https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56 -~~	() https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56 - Patch
First Time		Linux Linux linux Kernel

Information

Published : 2024-05-19 09:15

Updated : 2025-09-23 15:14

NVD link : CVE-2024-35914

Mitre link : CVE-2024-35914

CVE.ORG link : CVE-2024-35914

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-35914", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-19T09:15:11.910", "references": [{"url": "https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix error cleanup path in nfsd_rename()\n\nCommit a8b0026847b8 (\"rename(): avoid a deadlock in the case of parents\nhaving no common ancestor\") added an error bail out path. However this\npath does not drop the remount protection that has been acquired. Fix\nthe cleanup path to properly drop the remount protection."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrigi\u00f3 la ruta de limpieza de errores en nfsd_rename() Confirme a8b0026847b8 (\"rename(): evite un punto muerto en el caso de que los padres no tengan un ancestro com\u00fan\") agreg\u00f3 una ruta de rescate de errores . Sin embargo, este camino no elimina la protecci\u00f3n de remontaje adquirida. Corrija la ruta de limpieza para eliminar correctamente la protecci\u00f3n de remontaje."}], "lastModified": "2025-09-23T15:14:31.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7733C2C9-77AB-41F9-BE33-99FF60A64DBB", "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}