Linux Kernel NFSv4 Uninitialized Label Vulnerability Leading to Crash

Vulnerability

A vulnerability in the Linux kernel's NFSv4 implementation was introduced by an improper handling of uninitialized data during referral lookups. This flaw caused a system crash when certain commands, like 'ls', were executed. The issue has been addressed by ensuring that the already-allocated file attributes are sent along with the file system locations, thereby preventing the crash by eliminating the need for additional memory allocations.

Impact

Exploitation of this vulnerability could lead to a system crash, causing a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NFSv4 Uninitialized Label Vulnerability Leading to Crash

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating