[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-53216":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2024-53216","In the Linux kernel, the following vulnerability has been resolved:  nfsd: release svc_expkey/svc_export with rcu_work  The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues:  1. The `svc_export_put` will directly free ex_uuid. However,    `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can    trigger a use-after-free issue, shown below.     ==================================================================    BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd]    Read of size 1 at addr ff11000010fdc120 by task cat/870     CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS    1.16.1-2.fc37 04/01/2014    Call Trace:     \u003CTASK>     dump_stack_lvl+0x53/0x70     print_address_description.constprop.0+0x2c/0x3a0     print_report+0xb9/0x280     kasan_report+0xae/0xe0     svc_export_show+0x362/0x430 [nfsd]     c_show+0x161/0x390 [sunrpc]     seq_read_iter+0x589/0x770     seq_read+0x1e5/0x270     proc_reg_read+0xe1/0x140     vfs_read+0x125/0x530     ksys_read+0xc1/0x160     do_syscall_64+0x5f/0x170     entry_SYSCALL_64_after_hwframe+0x76/0x7e     Allocated by task 830:     kasan_save_stack+0x20/0x40     kasan_save_track+0x14/0x30     __kasan_kmalloc+0x8f/0xa0     __kmalloc_node_track_caller_noprof+0x1bc/0x400     kmemdup_noprof+0x22/0x50     svc_export_parse+0x8a9/0xb80 [nfsd]     cache_do_downcall+0x71/0xa0 [sunrpc]     cache_write_procfs+0x8e/0xd0 [sunrpc]     proc_reg_write+0xe1/0x140     vfs_write+0x1a5/0x6d0     ksys_write+0xc1/0x160     do_syscall_64+0x5f/0x170     entry_SYSCALL_64_after_hwframe+0x76/0x7e     Freed by task 868:     kasan_save_stack+0x20/0x40     kasan_save_track+0x14/0x30     kasan_save_free_info+0x3b/0x60     __kasan_slab_free+0x37/0x50     kfree+0xf3/0x3e0     svc_export_put+0x87/0xb0 [nfsd]     cache_purge+0x17f/0x1f0 [sunrpc]     nfsd_destroy_serv+0x226/0x2d0 [nfsd]     nfsd_svc+0x125/0x1e0 [nfsd]     write_threads+0x16a/0x2a0 [nfsd]     nfsctl_transaction_write+0x74/0xa0 [nfsd]     vfs_write+0x1a5/0x6d0     ksys_write+0xc1/0x160     do_syscall_64+0x5f/0x170     entry_SYSCALL_64_after_hwframe+0x76/0x7e  2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`.    However, `svc_export_put`/`expkey_put` will call path_put, which    subsequently triggers a sleeping operation due to the following    `dput`.     =============================    WARNING: suspicious RCU usage    5.10.0-dirty #141 Not tainted    -----------------------------    ...    Call Trace:    dump_stack+0x9a/0xd0    ___might_sleep+0x231/0x240    dput+0x39/0x600    path_put+0x1b/0x30    svc_export_put+0x17/0x80    e_show+0x1c9/0x200    seq_read_iter+0x63f/0x7c0    seq_read+0x226/0x2d0    vfs_read+0x113/0x2c0    ksys_read+0xc9/0x170    do_syscall_64+0x33/0x40    entry_SYSCALL_64_after_hwframe+0x67/0xd1  Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period.",null,[],[],[],[14],{"_key":15},"CVE-2024-53216",[],[],[],"2024-12-27T14:15:29.587Z","2026-04-28T20:29:02.063134Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2024-53216",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,50,51,55],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":52,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":53,"version_end_type":54,"fixed_in":9},"lt6_12_3_1","6.12.3-1","excluding",{"version":52,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":53,"version_end_type":54,"fixed_in":9}]