{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:40:58.421","vulnerabilities":[{"cve":{"id":"CVE-2024-49855","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-10-21T13:15:06.270","lastModified":"2025-11-03T23:16:25.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd->lock is grabbed for clearing the flag and the\nrequeue."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nbd: se corrige la ejecución entre el tiempo de espera y la finalización normal. Si el tiempo de espera de la solicitud lo maneja nbd_requeue_cmd(), la finalización normal debe detenerse para evitar completar esta solicitud en cola; se pueden activar otros use after free. Corrija la ejecución borrando NBD_CMD_INFLIGHT en nbd_requeue_cmd(); mientras tanto, asegúrese de que cmd->lock se captura para borrar la bandera y la puesta en cola."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18.4","versionEndExcluding":"5.19","matchCriteriaId":"C681E105-4A0C-49A5-9351-D60E86303ED3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.113","matchCriteriaId":"7D848431-3C7A-4C40-BC35-515047E89ABE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.54","matchCriteriaId":"D448821D-C085-4CAF-88FA-2DDE7BE21976"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.13","matchCriteriaId":"CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.11.2","matchCriteriaId":"AB755D26-97F4-43B6-8604-CD076811E181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.17.15:*:*:*:*:*:*:*","matchCriteriaId":"EECD1046-480D-4996-83EB-3406D178BA84"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}