CVE-2024-46682

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Linux kernel's nfsd component, where a panic can occur when handling closed files in nfs4 show open. Prior to a specific commit, the states show function relied on the sc type field being of a valid type before calling a subfunction to show content of a particular stateid. After the commit, the validity of the stateid was split into sc status, and sc type was no longer changed to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 opens that stay around, and in nfs4 show open, it would dereference sc file, which was NULL. To reproduce, one can mount the server with 4.0, read and close a file, and then on the server, cat /proc/fs/nfsd/clients/2/states.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.