CVE-2024-49974

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf", "name": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b", "name": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0", "name": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e", "name": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752", "name": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e", "name": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e", "tags": [], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db", "name": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-49974", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2024-10-21T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.10.14"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-14T21:15Z"}