CVE-2024-46682
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-46682
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46682.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-46682
- Related
- Published
- 2024-09-13T06:15:12Z
- Modified
- 2024-09-18T03:26:39.127435Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfsd: prevent panic for nfsv4.0 closed files in nfs4showopen
Prior to commit 3f29cc82a84c ("nfsd: split scstatus out of sctype") statesshow() relied on sctype field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into scstatus and no longer changed sctype to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 opens that stay around and in nfs4showopen() would derefence sc_file which was NULL.
Instead, for closed open stateids forgo displaying information that relies of having a valid sc_file.
To reproduce: mount the server with 4.0, read and close a file and then on the server cat /proc/fs/nfsd/clients/2/states
[ 513.590804] Call trace: [ 513.590925] rawspinlock+0xcc/0x160 [ 513.591119] nfs4showopen+0x78/0x2c0 [nfsd] [ 513.591412] statesshow+0x44c/0x488 [nfsd] [ 513.591681] seqreaditer+0x5d8/0x760 [ 513.591896] seqread+0x188/0x208 [ 513.592075] vfsread+0x148/0x470 [ 513.592241] ksys_read+0xcc/0x178
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.10.9-1