Anna Schumaker

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.13 through 5.10 **Description** The issue is related to a use-after-free in the `nfs4 init client()` function. KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. This could potentially impact the confidentiality, integrity, and availability of protected information. The problem seems to have arisen due to a change in the refcounting of the `clp` pointer, making the call to `nfs put client()` the last one. **Recommendations** For Linux kernel versions 4.13 through 5.10, consider updating to a newer version that includes the fix for the use-after-free in `nfs4 init client()`. As a temporary workaround, consider disabling the `nfs4 init client()` function until a patch is available. Restrict access to the vulnerable NFS module to minimize the risk of exploitation. Avoid using the `nfs4 init client()` function in scenarios where it could be exploited until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the `pnfs mark matching lsegs return()` function. This occurs when the ` pnfs return layout()` function calls `pnfs mark matching lsegs return()` with a NULL `struct pnfs layout range` argument, which is then dereferenced, causing a crash. The crash can be consistently reproduced when running connectathon basic tests on NFS v4.1/v4.2 against Ontap. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.