CVE-2023-52909

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the handling of cached open files in the nfsd4 open codepath. It's racy, as a newly-created nfsd file can end up with its PENDING bit cleared while the nf is hashed, and the nf file pointer is still zeroed out. Other tasks can find it in this state and they expect to see a valid nf file, and can oops if nf file is NULL. Also, there is no guarantee that we'll end up creating a new nfsd file if one is already in the hash. If an extant entry is in the hash with a valid nf file, nfs4 get vfs file will clobber its nf file pointer with the value of op file and the old nf file will leak. The problem can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.