Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-46690
HistorySep 13, 2024 - 5:29 a.m.

CVE-2024-46690 nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease

2024-09-1305:29:20
Linux
www.cve.org
4
linux kernel
nfsd
vulnerability
fix
third party lease
nfsd4_deleg_getattr_conflict
dereference
nfs4_delegation
cve

EPSS

0

Percentile

9.6%

JSON

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease

It is not safe to dereference fl->c.flc_owner without first confirming
fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()
tests fl_lmops but largely ignores the result and assumes that flc_owner
is an nfs4_delegation anyway. This is wrong.

With this patch we restore the “!= &nfsd_lease_mng_ops” case to behave
as it did before the change mentioned below. This is the same as the
current code, but without any reference to a possible delegation.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfsd/nfs4state.c"
    ],
    "versions": [
      {
        "version": "c5967721e106",
        "lessThan": "1b46a871e980",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c5967721e106",
        "lessThan": "40927f3d0972",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfsd/nfs4state.c"
    ],
    "versions": [
      {
        "version": "6.9",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.9",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.8",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

osv 1
cve 1
debiancve 1
nvd 1
osv
osv
CVE-2024-46690
2024-09-13 06:15:13
cve
cve
CVE-2024-46690
2024-09-13 06:15:13
debiancve
debiancve
CVE-2024-46690
2024-09-13 06:15:13
nvd
nvd
CVE-2024-46690
2024-09-13 06:15:13

EPSS

0

Percentile

9.6%

JSON
Related for CVELIST:CVE-2024-46690
osv1cve1debiancve1nvd1