CVE-2024-58092: nfsd: fix legacy client tracking initialization

Description

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix legacy client tracking initialization

Get rid of the nfsd4_legacy_tracking_ops->init() call in
check_for_legacy_methods(). That will be handled in the caller
(nfsd4_client_tracking_init()). Otherwise, we'll wind up calling
nfsd4_legacy_tracking_ops->init() twice, and the second time we'll
trigger the BUG_ON() in nfsd4_init_recdir().

Classification

CVE ID: CVE-2024-58092

Affected Products

Vendor: Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.53% (scored less or equal to compared to others)

EPSS Date: 2025-04-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58092
https://git.kernel.org/stable/c/95407304253a4bf03494d921c6913e220c26cc63
https://git.kernel.org/stable/c/cdd66082b227eb695cbf54b7c121ea032e869981
https://git.kernel.org/stable/c/de71d4e211eddb670b285a0ea477a299601ce1ca

Timeline

2025-04-16 11:40:10 UTC
CVE

nfsd: fix legacy client tracking initialization