Linux · Linux Kernel · CVE-2024-26870
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.0-61.fc40.aarch64
**Description**
A vulnerability has been resolved in the Linux kernel, specifically in the NFSv4.2 module. A call to `listxattr()` with a buffer size of 0 returns the actual size of the buffer needed for a subsequent call. However, when the size is greater than 0, `nfs4_listxattr()` does not return an error, causing the `nfs4_listxattr_nfs4_user()` function to trigger a kernel bug. The bug is reproduced when `generic_listxattr()` returns 'system.nfs4_acl' and `listxattr()` is called with a size of 16. To fix this issue, a check has been added to `nfs4_listxattr()` to return an ERANGE error when it is called with a size greater than 0 and the return value is greater than the size.
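A user-space model of the size-0 probe convention and the added ERANGE check, included here as an added example and not taken from the kernel source. `emit`, `model_listxattr` and the `user.demo` name are hypothetical, and chaining two name producers over a shrinking buffer is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* One xattr-name producer. size == 0 means "report the length only". */
static ssize_t emit(const char *name, char *buf, size_t size)
{
    size_t need = strlen(name) + 1;          /* name plus its NUL */

    if (size == 0)
        return (ssize_t)need;
    if (need > size)
        return -ERANGE;
    memcpy(buf, name, need);
    return (ssize_t)need;
}

/* Chains two producers into one list. checked != 0 applies the fix's test. */
ssize_t model_listxattr(char *buf, size_t size, int checked)
{
    size_t left = size;
    ssize_t first, second;

    first = emit("system.nfs4_acl", buf, left);   /* 16 bytes with NUL */
    if (first < 0)
        return first;
    if (left) {
        buf += first;
        left -= (size_t)first;               /* exactly 0 when size == 16 */
    }
    second = emit("user.demo", buf, left);   /* constructed name, 10 bytes */
    if (second < 0)
        return second;
    if (checked && size > 0 && (size_t)(first + second) > size)
        return -ERANGE;                      /* check described in the fix */
    return first + second;
}

int main(void)
{
    char buf[64];

    printf("probe:     %zd\n", model_listxattr(NULL, 0, 1));
    printf("unchecked: %zd\n", model_listxattr(buf, 16, 0));
    printf("checked:   %zd\n", model_listxattr(buf, 16, 1));
    return 0;
}
```

With a 16-byte buffer the first name consumes every byte, so the second producer sees a remaining size of 0 and answers as if probed; without the check the reported length exceeds the buffer the caller supplied.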
**Recommendations**
To resolve this issue, update the Linux kernel to a version later than 6.6.0-61.fc40.aarch64. As a temporary workaround, consider disabling the `nfs4_listxattr()` function until a patch is available. Additionally, restrict access to the vulnerable NFSv4.2 module to minimize the risk of exploitation.