{ "threat_severity" : "Moderate", "public_date" : "2024-10-21T00:00:00Z", "bugzilla" : { "description" : "kernel: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()", "id" : "2320602", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2320602" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-50046\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50046\nhttps://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-50046-a9b4@gregkh/T" ], "name" : "CVE-2024-50046", "csaw" : false }