
CVE-2024-50046: Vulnerability in Linux Linux

High
Published: Mon Oct 21 2024 (10/21/2024, 19:39:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()

On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash with the following syslog:

[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116
[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116
[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
[232066.588586] Mem abort info:
[232066.588701] ESR = 0x0000000096000007
[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits
[232066.589084] SET = 0, FnV = 0
[232066.589216] EA = 0, S1PTW = 0
[232066.589340] FSC = 0x07: level 3 translation fault
[232066.589559] Data abort info:
[232066.589683] ISV = 0, ISS = 0x00000007
[232066.589842] CM = 0, WnR = 0
[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400
[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000
[232066.590757] Internal error: Oops: 96000007 [#1] SMP
[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2
[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs
[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1
[232066.597356] Hardware name: Great Wall .\x93\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06
[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]
[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]
[232066.598595] sp : ffff8000f568fc70
[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000
[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001
[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050
[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000
[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000
[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6
[232066.600498] x11: 00000000000000 ---truncated---

AI-Powered Analysis

Last updated: 06/28/2025, 16:40:58 UTC

Technical Analysis

CVE-2024-50046 is a vulnerability in the Linux kernel affecting the NFSv4 (Network File System version 4) client implementation. Specifically, the flaw occurs in the nfs42_complete_copies() function, which is responsible for handling file copy operations on NFSv4 mount points. When files saved on an NFS server mount point are copied to another location on the same NFS server, the function may encounter a NULL pointer dereference, leading to a kernel crash. The vulnerability manifests as a NULL pointer dereference in the kernel space, causing an 'Oops' error and a system crash or kernel panic. The provided logs show detailed kernel debug information, including memory abort info and stack traces, confirming the NULL pointer dereference during state recovery of open files on the NFS client node. This issue arises from improper handling of state recovery in the NFSv4 client code path, specifically in nfs4_reclaim_open_state(). The vulnerability affects Linux kernel versions containing the referenced commit hashes and is resolved in recent kernel updates. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability impacts system stability and availability by causing kernel crashes during legitimate NFS file operations, potentially leading to denial of service (DoS) conditions on affected systems.

Potential Impact

For European organizations relying on Linux servers with NFSv4 mounts, this vulnerability poses a risk of unexpected system crashes and service interruptions. NFS is widely used in enterprise environments for shared storage, virtualization infrastructure, and cloud services. A kernel crash on a critical file server or virtual machine host could disrupt business operations, data access, and application availability. Organizations with high dependency on NFS for storage in sectors such as finance, manufacturing, telecommunications, and public services may experience operational downtime. Although the vulnerability does not directly lead to data breaches or privilege escalation, the resulting denial of service could impact service level agreements and cause cascading failures in distributed systems. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability and prevent potential exploitation attempts in the future.

Mitigation Recommendations

1. Apply the latest Linux kernel patches that address CVE-2024-50046 as soon as they become available from your Linux distribution vendor.
2. In environments where immediate patching is not feasible, consider temporarily disabling or limiting NFSv4 client operations involving file copy actions on NFS mount points to reduce exposure.
3. Monitor system logs for kernel Oops messages or NFS state recovery failures indicative of this issue.
4. Implement robust backup and recovery procedures to mitigate impact from potential system crashes.
5. For critical systems, consider isolating NFS clients or using alternative file sharing protocols until patched.
6. Engage with Linux distribution security advisories and subscribe to vulnerability notifications to stay informed about updates and mitigations.
7. Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before production deployment.
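One way to implement the log monitoring recommended above, as an added example that is not part of the original advisory or the kernel project: it scans kernel log lines for a NULL-pointer oops whose faulting pc is in nfs4_reclaim_open_state [nfsv4] and attaches any "state recovery failed" messages logged shortly before it. The function name, the 10-second correlation window and the sample lines are assumptions; a match is consistent with this crash path but does not by itself prove the kernel is unpatched.

```python
import re

# Patterns follow the arm64 oops in the Description; the x86-64 wording
# ("BUG: ...", "RIP: ...") is added here and is not shown on the page.
TS = r"\[\s*(\d+\.\d+)\]\s+"
RECOVERY = re.compile(TS + r"NFSv4: state recovery failed for open file (.+?), error = (-?\d+)")
NULL_DEREF = re.compile(TS + r"(?:Unable to handle kernel NULL pointer dereference at virtual address"
                             r"|BUG: kernel NULL pointer dereference, address:) ([0-9a-f]+)")
PC = re.compile(TS + r"(?:pc :|RIP: \d+:)\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

WINDOW_S = 10.0  # assumption: how far back a recovery failure counts as related


def find_nfs_reclaim_oops(lines):
    """Return one finding per NULL-deref oops whose pc is in nfs4_reclaim_open_state."""
    findings, recoveries, current = [], [], None
    for line in lines:
        if m := RECOVERY.search(line):
            recoveries.append((float(m[1]), m[2], int(m[3])))
        elif m := NULL_DEREF.search(line):
            current = {"time": float(m[1]), "fault_addr": m[2]}
        elif current and (m := PC.search(line)):
            # Strip compiler suffixes such as ".isra.0" before comparing.
            if m[2].split(".")[0] == "nfs4_reclaim_open_state" and m[3] == "nfsv4":
                current["files"] = sorted({f for t, f, _ in recoveries
                                           if 0 <= current["time"] - t <= WINDOW_S})
                findings.append(current)
            current = None  # the pc line closes this oops either way
    return findings


# Constructed sample (not real logs): one matching crash, one unrelated
# recovery failure, and one NULL dereference in a hypothetical other module.
SAMPLE = """\
[  100.000001] NFSv4: state recovery failed for open file nfs/example-a.qcow2, error = -116
[  101.500000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
[  101.500900] Internal error: Oops: 96000007 [#1] SMP
[  101.501000] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]
[  500.000000] NFSv4: state recovery failed for open file nfs/example-b.qcow2, error = -116
[  900.000000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  900.000100] pc : example_driver_poll+0x1c/0x90 [example_drv]
""".splitlines()

if __name__ == "__main__":
    for finding in find_nfs_reclaim_oops(SAMPLE):
        print(finding)
```

Because the host usually reboots after the oops, run this over persisted logs (a previous-boot journal or kdump dmesg) rather than the live ring buffer.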


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T12:17:06.071Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdfdc3

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 4:40:58 PM

Last updated: 7/23/2025, 8:52:50 PM
