CVE-2024-46682

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46682
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46682.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-46682
Downstream
Published
2024-09-13T05:29:15.294Z
Modified
2025-11-20T05:45:45.758357Z
Summary
nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open

Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into sc_status and no longer changed sc_type to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 opens that stay around and in nfs4_show_open() would dereference sc_file which was NULL.

Instead, for closed open stateids forgo displaying information that relies on having a valid sc_file.

To reproduce: mount the server with 4.0, read and close a file and then on the server cat /proc/fs/nfsd/clients/2/states

[ 513.590804] Call trace:
[ 513.590925] _raw_spin_lock+0xcc/0x160
[ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd]
[ 513.591412] states_show+0x44c/0x488 [nfsd]
[ 513.591681] seq_read_iter+0x5d8/0x760
[ 513.591896] seq_read+0x188/0x208
[ 513.592075] vfs_read+0x148/0x470
[ 513.592241] ksys_read+0xcc/0x178

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3f29cc82a84c23cfd12b903029dd26002ca825f5
Fixed
ba0b697de298285301c71c258598226e06494236
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3f29cc82a84c23cfd12b903029dd26002ca825f5
Fixed
a204501e1743d695ca2930ed25a2be9f8ced96d3

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.8
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "fs/nfsd/nfs4state.c",
            "function": "nfs4_show_open"
        },
        "digest": {
            "length": 1049.0,
            "function_hash": "98214123756087920494303021508562941364"
        },
        "id": "CVE-2024-46682-15bd60bb",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba0b697de298285301c71c258598226e06494236",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "fs/nfsd/nfs4state.c",
            "function": "nfs4_show_open"
        },
        "digest": {
            "length": 1049.0,
            "function_hash": "98214123756087920494303021508562941364"
        },
        "id": "CVE-2024-46682-5d4f8765",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a204501e1743d695ca2930ed25a2be9f8ced96d3",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.10.8