DEBIAN-CVE-2024-46682

In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4showopen Prior to commit 3f29cc82a84c ("nfsd: split scstatus out of sctype") statesshow() relied on sctype field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into scstatus and no longer changed sctype to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 opens that stay around and in nfs4showopen() would derefence scfile which was NULL. Instead, for closed open stateids forgo displaying information that relies of having a valid scfile. To reproduce: mount the server with 4.0, read and close a file and then on the server cat /proc/fs/nfsd/clients/2/states [ 513.590804] Call trace: [ 513.590925] rawspinlock+0xcc/0x160 [ 513.591119] nfs4showopen+0x78/0x2c0 [nfsd] [ 513.591412] statesshow+0x44c/0x488 [nfsd] [ 513.591681] seqreaditer+0x5d8/0x760 [ 513.591896] seqread+0x188/0x208 [ 513.592075] vfsread+0x148/0x470 [ 513.592241] ksys_read+0xcc/0x178