CVE-2024-50106

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a race condition between the laundromat handling of revoked delegations and a client sending a free stateid operation in the Linux kernel's NFS server. This can lead to a use-after-free error, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by the laundromat thread marking a delegation as revoked and putting it on a reaper list, but then unlocking the state lock, allowing a racing free stateid processing thread to remove the delegation from the list and free its structure. A new open for the file can then try to dereference the freed delegation stateid, resulting in a use-after-free error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.