CVE-2024-49974: Allocation of Resources Without Limits or Throttling in Linux

Severity
5.5 MEDIUM NVD
OSV 8.8, OSV 7.8
EPSS
0.0%
top 98.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 21
Latest update: May 28

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Limit the number of concurrent async COPY operations

Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector.

Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 10 packages

Patches

🔴 Vulnerability Details (36)

OSV: linux-raspi-5.4 vulnerabilities (2025-05-28)
OSV: linux-raspi vulnerabilities (2025-05-28)
OSV: linux-xilinx-zynqmp vulnerabilities (2025-05-02)
OSV: linux-gcp-5.15 vulnerabilities (2025-04-28)
OSV: linux-azure-nvidia vulnerabilities (2025-04-28)

📋 Vendor Advisories (37)

Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities (2025-05-02)
Ubuntu: Linux kernel (GCP) vulnerabilities (2025-04-28)
Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2025-04-28)