In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without first confirming
fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()
tests fl_lmops but largely ignores the result and assumes that flc_owner
is an nfs4_delegation anyway. This is wrong.
With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave
as it did before the change mentioned below. This is the same as the
current code, but without any reference to a possible delegation.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Sun, 29 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 20 Sep 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
Fri, 13 Sep 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 13 Sep 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict() tests fl_lmops but largely ignores the result and assumes that flc_owner is an nfs4_delegation anyway. This is wrong. With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave as it did before the change mentioned below. This is the same as the current code, but without any reference to a possible delegation. | |
Title | nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-09-13T05:29:20.368Z
Updated: 2024-12-19T09:21:02.857Z
Reserved: 2024-09-11T15:12:18.249Z
Link: CVE-2024-46690
Vulnrichment
Updated: 2024-09-29T15:07:12.669Z
NVD
Status : Analyzed
Published: 2024-09-13T06:15:13.753
Modified: 2024-09-20T15:55:24.430
Link: CVE-2024-46690
Redhat