The vulnerability resides in the NFSv4 code of the Linux kernel, specifically in the `pnfs_mark_matching_lsegs_return()` function. `_pnfs_return_layout()` calls this function with a NULL pointer for its `struct pnfs_layout_range *` argument, but `pnfs_mark_matching_lsegs_return()` does not check that argument before dereferencing it. The result is a NULL pointer dereference and a kernel oops.
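The defect pattern described above, as an added illustration that is not the kernel's code: a segment-matching routine that dereferences an optional range argument unconditionally, beside a hardened version that gives a NULL range an explicit meaning and handles it before any dereference. The struct layouts, function names and the "NULL means every segment" semantics are assumptions made for this example, not a description of the actual fix in `fs/nfs/pnfs.c`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a byte range on a file. Not the kernel's
 * struct pnfs_layout_range; the field names are assumptions. */
struct layout_range {
    uint64_t offset;
    uint64_t length;
};

/* Constructed model of a layout segment covering [offset, offset + length). */
struct layout_seg {
    struct layout_range range;
    bool marked_for_return;
};

/* True when the two half-open ranges overlap. Both pointers must be valid. */
static bool ranges_intersect(const struct layout_range *a,
                             const struct layout_range *b)
{
    uint64_t a_end = a->offset + a->length;
    uint64_t b_end = b->offset + b->length;
    return a->offset < b_end && b->offset < a_end;
}

/* Vulnerable pattern: ret_range is passed straight into ranges_intersect(),
 * so a NULL ret_range is dereferenced on the first iteration. */
int mark_segs_return_vulnerable(struct layout_seg *segs, size_t n,
                                const struct layout_range *ret_range)
{
    int marked = 0;
    for (size_t i = 0; i < n; i++) {
        if (ranges_intersect(&segs[i].range, ret_range)) { /* NULL deref if ret_range == NULL */
            segs[i].marked_for_return = true;
            marked++;
        }
    }
    return marked;
}

/* Hardened pattern: the NULL case is tested before any dereference and given
 * a documented meaning (here, "mark every segment"). */
int mark_segs_return_hardened(struct layout_seg *segs, size_t n,
                              const struct layout_range *ret_range)
{
    int marked = 0;
    for (size_t i = 0; i < n; i++) {
        if (ret_range == NULL || ranges_intersect(&segs[i].range, ret_range)) {
            segs[i].marked_for_return = true;
            marked++;
        }
    }
    return marked;
}

/* Constructed sample: three 4 KiB segments at 0, 4 KiB and 1 MiB. */
static size_t sample_segs(struct layout_seg *out)
{
    out[0] = (struct layout_seg){ { 0, 4096 }, false };
    out[1] = (struct layout_seg){ { 4096, 4096 }, false };
    out[2] = (struct layout_seg){ { 1u << 20, 4096 }, false };
    return 3;
}

/* The call shape that triggers the bug: a NULL range. Only the hardened
 * matcher can be called this way; the vulnerable one would crash here. */
int demo_hardened_null_range(void)
{
    struct layout_seg segs[3];
    size_t n = sample_segs(segs);
    return mark_segs_return_hardened(segs, n, NULL);
}

/* With a real range both matchers behave identically: the first two
 * segments fall inside the first 8 KiB, the third does not. */
int demo_first_8k(bool use_vulnerable)
{
    struct layout_seg segs[3];
    size_t n = sample_segs(segs);
    struct layout_range first_8k = { 0, 8192 };
    return use_vulnerable ? mark_segs_return_vulnerable(segs, n, &first_8k)
                          : mark_segs_return_hardened(segs, n, &first_8k);
}

int main(void)
{
    printf("hardened, NULL range: %d segments marked\n", demo_hardened_null_range());
    printf("vulnerable, first 8 KiB: %d segments marked\n", demo_first_8k(true));
    printf("hardened, first 8 KiB: %d segments marked\n", demo_first_8k(false));
    return 0;
}
```

The point the example makes is about the contract between caller and callee: once a caller is allowed to pass NULL, the callee must either reject it or define what it means, and that decision belongs at the top of the function, before the pointer reaches any helper that assumes it is valid.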
The bug was introduced into several stable series by separate commits, landing in 4.9.269, 4.14.233, 4.19.191, 5.4.118, 5.10.36, 5.11.20, and 5.12.3. It has been fixed in subsequent kernel releases, including 4.9.271, 4.14.235, 4.19.193, 5.4.124, 5.10.42, and 5.12.9.
The affected file is `fs/nfs/pnfs.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version, which carries this fix along with other bugfixes. If updating is not possible, the individual changes can be cherry-picked from the provided commit links; however, the Linux kernel community does not recommend or support cherry-picking individual commits.