CVE-2024-53216

HIGHNVD 7.87.8
EchelonGraph scoreMEDIUM confidence

Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2024-12-27. NVD baseline CVSS 7.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
7.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.8Exploit: NoneExposed: 0

A fix is available — apply it.

In the Linux kernel, the following vulnerability has been resolved:

nfsd: release svc_expkey/svc_export with rcu_work

The last reference for cache_head can be reduced to zero in c_show and e_show(using rcu_read_lock and rcu_read_unlock). Consequently, svc_export_put and expkey_put will be invoked, leading to two issues:

  • The svc_export_put will directly free ex_uuid. However,
e_show/c_show will access ex_uuid after cache_put, which can trigger a use-after-free issue, shown below.

================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870

CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

  • We cannot sleep while using rcu_read_lock/rcu_read_unlock.
However, svc_export_put/expkey_put will call path_put, which subsequently triggers a sleeping operation due to the following dput.

============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1

Fix these issues by using rcu_work to help release svc_expkey/svc_export. This approach allows for an asynchronous context to invoke path_put and also facilitates the freeing of uuid/exp/key after an RCU grace period.

CVSS v3
7.8
EG Score
7.8(medium)
EPSS
12.2%
KEV
Not listed

Published

December 27, 2024

Last Modified

March 24, 2025

Vendor Advisories for CVE-2024-53216(3)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(7)

Vendor / EcosystemFixed in / PatchReleasedSource
ubuntulinux-tools-realtime-hwe-24.04-edge (6.11.0-1005.5) @ oracular2026-05-23ubuntu
ubuntulinux-tools-oem-24.04b (6.11.0-1015.15) @ noble2026-05-23ubuntu
ubuntulinux-virtual-hwe-24.04-edge (6.11.0-18.18) @ oracular2026-05-23ubuntu
redhatkernel-0:5.14.0-570.112.1.el9_62026-05-06redhat
redhatkernel-0:6.12.0-124.8.1.el10_12025-11-11redhat
redhatkernel-0:5.14.0-570.12.1.el9_62025-05-13redhat
linuxKernel @ 6.6.64osv

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Additional Vendor Advisories

(3)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Data Freshness Timeline

(refreshed 10× in last 7d / 45× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-15 16:57 UTCEPSS rescore
  2. 2026-07-15 01:59 UTCEPSS rescore
  3. 2026-07-15 01:59 UTCEPSS rescore
  4. 2026-07-13 22:29 UTCEPSS rescore
  5. 2026-07-13 15:37 UTCOSV refresh
  6. 2026-07-13 06:12 UTCEPSS rescore
  7. 2026-07-12 05:45 UTCEPSS rescore
  8. 2026-07-11 08:26 UTCEPSS rescore
  9. 2026-07-09 19:09 UTCEPSS rescore
  10. 2026-07-09 19:09 UTCEPSS rescore
  11. 2026-07-08 15:14 UTCEPSS rescore
  12. 2026-07-07 13:45 UTCEPSS rescore
  13. 2026-07-07 13:45 UTCEPSS rescore
  14. 2026-07-06 16:26 UTCEPSS rescore
  15. 2026-07-06 16:26 UTCEPSS rescore
  16. 2026-07-06 02:22 UTCEPSS rescore
  17. 2026-07-05 02:29 UTCEPSS rescore
  18. 2026-07-04 06:30 UTCEPSS rescore
  19. 2026-07-04 06:30 UTCEPSS rescore
  20. 2026-07-01 15:06 UTCEPSS rescore
  21. 2026-06-30 23:21 UTCEPSS rescore
  22. 2026-06-30 23:21 UTCEPSS rescore
  23. 2026-06-29 14:05 UTCEPSS rescore
  24. 2026-06-28 14:07 UTCEPSS rescore
  25. 2026-06-28 04:55 UTCEPSS rescore
Show 63 more
  1. 2026-06-28 04:55 UTCEPSS rescore
  2. 2026-06-27 03:08 UTCEPSS rescore
  3. 2026-06-27 03:07 UTCEPSS rescore
  4. 2026-06-25 13:49 UTCEPSS rescore
  5. 2026-06-25 13:49 UTCEPSS rescore
  6. 2026-06-25 13:01 UTCOSV refresh
  7. 2026-06-24 14:04 UTCEPSS rescore
  8. 2026-06-24 14:04 UTCEPSS rescore
  9. 2026-06-23 21:32 UTCEPSS rescore
  10. 2026-06-22 14:25 UTCEPSS rescore
  11. 2026-06-22 14:25 UTCEPSS rescore
  12. 2026-06-21 14:56 UTCEPSS rescore
  13. 2026-06-21 14:56 UTCEPSS rescore
  14. 2026-06-21 01:59 UTCEPSS rescore
  15. 2026-06-19 19:25 UTCEPSS rescore
  16. 2026-06-19 19:25 UTCEPSS rescore
  17. 2026-06-18 17:52 UTCEPSS rescore
  18. 2026-06-18 17:52 UTCEPSS rescore
  19. 2026-06-17 17:52 UTCEPSS rescore
  20. 2026-06-16 17:52 UTCEPSS rescore
  21. 2026-06-15 17:48 UTCEPSS rescore
  22. 2026-06-14 23:17 UTCEPSS rescore
  23. 2026-06-13 22:59 UTCEPSS rescore
  24. 2026-06-13 22:59 UTCEPSS rescore
  25. 2026-06-11 13:59 UTCEPSS rescore
  26. 2026-06-11 13:59 UTCEPSS rescore
  27. 2026-06-10 22:18 UTCEPSS rescore
  28. 2026-06-10 22:18 UTCEPSS rescore
  29. 2026-06-10 13:21 UTCEPSS rescore
  30. 2026-06-08 14:16 UTCEPSS rescore
  31. 2026-06-08 14:16 UTCEPSS rescore
  32. 2026-06-08 03:28 UTCOSV refresh
  33. 2026-06-07 15:24 UTCEPSS rescore
  34. 2026-06-07 15:24 UTCEPSS rescore
  35. 2026-06-06 13:46 UTCEPSS rescore
  36. 2026-06-06 13:46 UTCEPSS rescore
  37. 2026-06-05 22:46 UTCEPSS rescore
  38. 2026-06-05 22:46 UTCEPSS rescore
  39. 2026-06-05 06:09 UTCEPSS rescore
  40. 2026-06-05 06:09 UTCEPSS rescore
  41. 2026-06-04 13:11 UTCEPSS rescore
  42. 2026-06-04 13:11 UTCEPSS rescore
  43. 2026-06-02 20:12 UTCEPSS rescore
  44. 2026-06-01 13:51 UTCEPSS rescore
  45. 2026-06-01 13:51 UTCEPSS rescore
  46. 2026-05-31 22:30 UTCEPSS rescore
  47. 2026-05-31 22:30 UTCEPSS rescore
  48. 2026-05-31 00:16 UTCEPSS rescore
  49. 2026-05-31 00:16 UTCEPSS rescore
  50. 2026-05-29 13:43 UTCEPSS rescore
  51. 2026-05-28 13:44 UTCEPSS rescore
  52. 2026-05-28 13:44 UTCEPSS rescore
  53. 2026-05-28 13:44 UTCEPSS rescore
  54. 2026-05-27 13:40 UTCEPSS rescore
  55. 2026-05-27 13:40 UTCEPSS rescore
  56. 2026-05-26 13:43 UTCEPSS rescore
  57. 2026-05-26 13:43 UTCEPSS rescore
  58. 2026-05-26 07:18 UTCEPSS rescore
  59. 2026-05-26 07:18 UTCEPSS rescore
  60. 2026-05-26 07:18 UTCEPSS rescore
  61. 2026-05-23 15:54 UTCEG score recompute
  62. 2026-05-23 15:54 UTCVendor advisory
  63. 2026-05-23 15:54 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2024-53216?
CVE-2024-53216 is a high vulnerability published on December 27, 2024. In the Linux kernel, the following vulnerability has been resolved: nfsd: release svcexpkey/svcexport with rcu_work The last reference for cachehead can be reduced to zero in cshow and eshow(using rcureadlock and rcuread_unlock). Consequently, svcexportput and expkey_put will be invoked, leading to…
When was CVE-2024-53216 disclosed?
CVE-2024-53216 was first published in the National Vulnerability Database on December 27, 2024, with the most recent update on March 24, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2024-53216 actively exploited?
CVE-2024-53216 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 12.2% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2024-53216?
CVE-2024-53216 has a CVSS v3 base score of 7.8 (NVD).
How do I remediate CVE-2024-53216?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-53216, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2024-53216

Explore →

Is Your Infrastructure Affected by CVE-2024-53216?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.