CVE-2024-26870

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-61.fc40.aarch64

Description A vulnerability has been resolved in the Linux kernel, specifically in the NFSv4.2 module. The issue arises when the listxattr() function is called with a buffer size of 0, which returns the actual size of the buffer needed for a subsequent call. However, when the size is greater than 0, nfs4 listxattr() does not return an error, causing the nfs4 listxattr nfs4 user() function to trigger a kernel bug. This bug is reproduced when generic listxattr() returns 'system.nfs4 acl', and lisxattr() is called with a size of 16. To fix this issue, a check has been added to nfs4 listxattr() to return an ERANGE error when it is called with a size greater than 0 and the return value is greater than the size.

Recommendations To resolve this issue, update the Linux kernel to a version later than 6.6.0-61.fc40.aarch64. As a temporary workaround, consider disabling the nfs4 listxattr() function until a patch is available. Additionally, restrict access to the vulnerable NFSv4.2 module to minimize the risk of exploitation.