PT-2024-32118 · Linux+1 · Linux Kernel+1

Published: 2024-08-29 · Updated: 2025-09-29 · CVE-2024-46690

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is in the `nfsd4_deleg_getattr_conflict()` function in the Linux kernel, which does not properly confirm the expected manager before dereferencing `fl->c.flc_owner`. This can lead to the incorrect assumption that `flc_owner` is an nfs4 delegation. The function tests `fl_lmops` but largely ignores the result: it dereferences `fl->c.flc_owner` without confirming that `fl->fl_lmops` is the expected manager. The patch restores the behavior of the `!= &nfsd_lease_mng_ops` case to its previous state, without referencing a possible delegation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13260
BDU:2025-03696
CVE-2024-46690

Affected Products

Alt Linux
Linux Kernel