CVE-2024-46690

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46690

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46690.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-46690

Downstream

BELL-CVE-2024-46690

DEBIAN-CVE-2024-46690

UBUNTU-CVE-2024-46690

Published

2024-09-13T05:29:20Z

Modified

2025-10-22T02:11:15.365266Z

Summary

nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease

Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix nfsd4deleggetattr_conflict in presence of third party lease

It is not safe to dereference fl->c.flcowner without first confirming fl->fllmops is the expected manager. nfsd4deleggetattrconflict() tests fllmops but largely ignores the result and assumes that flcowner is an nfs4delegation anyway. This is wrong.

With this patch we restore the "!= &nfsdleasemng_ops" case to behave as it did before the change mentioned below. This is the same as the current code, but without any reference to a possible delegation.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c5967721e1063648b0506481585ba7e2e49a075e

Fixed

1b46a871e980e3daa16fd5e77539966492e8910a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c5967721e1063648b0506481585ba7e2e49a075e

Fixed

40927f3d0972bf86357a32a5749be71a551241b6

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.8

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.9.0

Fixed

6.10.8