Trond Myklebust

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.0-rc6+ **Description** The vulnerability is related to the SUNRPC module in the Linux kernel, specifically with the TCP TLS functionality. A missing rpc stat for TCP TLS can cause a kernel NULL pointer dereference when mounting with xprtsec=tls, leading to a kernel oops. The issue arises from a commit that added functionality to specify rpc stats function but missed adding it to the TCP TLS functionality. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the SUNRPC vulnerability, which adds the missing rpc stat for TCP TLS. Ensure that the updated kernel version is compatible with your system and configuration.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.7.0 **Description** The vulnerability is related to the NFS component of the Linux kernel. It is caused by incorrect locking in the `nfs netfs issue read()` function, which can lead to a deadlock when interrupts are not disabled while iterating through pages in the xarray to submit for NFS read. This issue can be reproduced with a specific test and may cause inconsistent lock state warnings on a lockdep-enabled kernel. The problem can occur when another page in the mapping is processed for writeback inside an interrupt, leading to a potential deadlock. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the `nfs netfs issue read()` xarray locking for writeback interrupt. As a temporary workaround, consider disabling the `nfs netfs issue read()` function until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation. Note: The provided information does not specify the exact fixed version, so it is recommended to update to the latest available kernel version to ensure the inclusion of the necessary fix.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the NFSv4 protocol. The issue occurred during referral lookup, where an uninitialized `nfs4 label` was freed, causing a crash. The problem was fixed by sending the already-allocated `fattr` along with `nfs4 fs locations` and dropping the `memcpy` of `fattr`. This fix resolves a crash that occurred when the `ls` command was executed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential use-after-free issue has been identified in the Linux kernel, specifically within the NFSD component. The problem arises in the `nfsd file put()` function, where `nfsd file put noref()` can free the `@nf` object, and subsequently dereferencing `@nf` immediately after the return from `nfsd file put noref()` poses a risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel's NFS writeback code has been resolved, where in low memory situations, writeback threads could get stuck in infinite loops in mempool alloc(), causing the system to fail. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns an Oops condition in the `pnfs mark request commit()` function when handling O DIRECT operations in NFSv4. This occurs when putting a set of writes on the commit list to reschedule them after a failed pNFS attempt. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an Oopsable condition in the ` nfs pageio add request()` function. To resolve this, `nfs pageio error cleanup()` has been updated to reset the mirror array contents, ensuring the structure reflects that it is empty. Additionally, the test in `nfs pageio do add request()` has been made more robust by checking if the list is empty rather than relying on the value of `pg count`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the corruption of the `pg bytes written` value in the `nfs do recoalesce()` function. The value of `mirror->pg bytes written` should only be updated after a successful attempt to flush out the requests on the list. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.13.3 **Description** The issue allows local users to obtain sensitive information from kernel memory under certain circumstances. This is due to the nfs can extend write function relying on a write delegation to extend a write operation without proper verification. The exploitation involves writing to a file in an NFS filesystem and then reading the same file. **Recommendations** For Linux kernel versions prior to 3.13.3, update to version 3.13.3 or later to resolve the issue.