CVE-2024-50121

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: The issue arises when the nfsd client shrinker is running concurrently with the nfs4 state shutdown net function, leading to potential use-after-free errors. This occurs because the expire client function unhashes and then destroys a client, while the nfs4 state destroy net function releases resources without waiting for the shrinker to exit. Technical details include the involvement of nfsd file cache shutdown, kmem cache destroy, and the nfsd file slab and nfsd file mark slab caches. The nfs4 state shutdown net function is critical in this process, as it is responsible for shutting down the NFS server.

Recommendations: To resolve this issue, update the Linux kernel to version 6.6.61 or later. As a temporary workaround, consider disabling the nfsd shrinker work function until a patch is available. Restrict access to the vulnerable nfsd module to minimize the risk of exploitation. Avoid using the nfsd client shrinker concurrently with the nfs4 state shutdown net function until the issue is resolved.