CVE-2024-46690

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease

It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict() tests fl_lmops but largely ignores the result and assumes that flc_owner is an nfs4_delegation anyway. This is wrong.

With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave as it did before the change mentioned below. This is the same as the current code, but without any reference to a possible delegation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc5967721e1063648b0506481585ba7e2e49a075e < 1b46a871e980e3daa16fd5e77539966492e8910aaffected
LinuxLinuxc5967721e1063648b0506481585ba7e2e49a075e < 40927f3d0972bf86357a32a5749be71a551241b6affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.10.8 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References