Scott Mayhew

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A security issue was identified in the Linux kernel related to the handling of server-side TLS alerts within the sunrpc component. The `tls alert recv()` function incorrectly assumed it could read data from the message iterator's kvec. This occurs because the kTLS implementation splits TLS record payloads between a control message buffer and a payload buffer. The patch addresses this by reworking how control messages are set up and used by `sock recvmsg()`. Specifically, the kTLS layer now returns an error upon encountering a TLS control message, allowing NFS to set up a kvec-backed message buffer to read the control message, such as a TLS alert. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the NFSD component in the Linux kernel, specifically with the `nfsd4 encode fattr4()` function. The problem arises because `args.acl` is not initialized early and is used in an unconditional call to `kfree()` when exiting `nfsd4 encode fattr4()`. This can lead to a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.13.3 **Description** The issue allows local users to obtain sensitive information from kernel memory under certain circumstances. This is due to the nfs can extend write function relying on a write delegation to extend a write operation without proper verification. The exploitation involves writing to a file in an NFS filesystem and then reading the same file. **Recommendations** For Linux kernel versions prior to 3.13.3, update to version 3.13.3 or later to resolve the issue.