tmp/CVE-2024-0000.json - pub/scm/linux/security/vulns - Git at Google

 {
     "containers": {
         "cna": {
             "affected": [
                 {
                     "defaultStatus": "unaffected",
                     "product": "Linux",
                     "vendor": "Linux",
                     "versions": [
                         {
                             "lessThan": "6.7",
                             "status": "affected",
                             "version": "0",
                             "versionType": "custom"
                         }
                     ]
                 }
             ],
             "descriptions": [
                 {
                     "lang": "en",
                     "supportingMedia": [
                         {
                             "base64": false,
                             "type": "text/html",
                             "value": "<p>It's not safe to call nfsd_put once nfsd_last_thread has been called, as</p><p>that function will zero out the nn-&gt;nfsd_serv pointer.</p><p>Drop the nfsd_put helper altogether and open-code the svc_put in its</p><p>callers instead. That allows us to not be reliant on the value of that</p><p>pointer when handling an error.</p><p>Fixes: 2a501f55cd64 (\"nfsd: call nfsd_last_thread() before final nfsd_put()\")</p><p>Reported-by: Zhi Li &lt;yieli@redhat.com&gt;</p><p>Cc: NeilBrown &lt;neilb@suse.de&gt;</p><p>Signed-off-by: Jeffrey Layton &lt;jlayton@redhat.com&gt;</p><p>Signed-off-by: Chuck Lever &lt;chuck.lever@oracle.com&gt;</p>"
                         }
                     ],
                     "value": "It's not safe to call nfsd_put once nfsd_last_thread has been called, as\n\nthat function will zero out the nn->nfsd_serv pointer.\n\nDrop the nfsd_put helper altogether and open-code the svc_put in its\n\ncallers instead. That allows us to not be reliant on the value of that\n\npointer when handling an error.\n\nFixes: 2a501f55cd64 (\"nfsd: call nfsd_last_thread() before final nfsd_put()\")\n\nReported-by: Zhi Li <yieli@redhat.com>\n\nCc: NeilBrown <neilb@suse.de>\n\nSigned-off-by: Jeffrey Layton <jlayton@redhat.com>\n\nSigned-off-by: Chuck Lever <chuck.lever@oracle.com>\n\n"
                 }
             ],
             "providerMetadata": {
                 "orgId": "00000000-0000-4000-9000-000000000000"
             },
             "references": [
                 {
                     "url": "https://git.kernel.org/torvalds/c/64e6304169f1e1f078e7f0798033f80a7fb0ea46"
                 }
             ],
             "source": {
                 "discovery": "UNKNOWN"
             },
             "title": "nfsd: drop the nfsd_put helper",
             "x_generator": {
                 "engine": "Vulnogram 0.1.0-dev"
             }
         }
     },
     "cveMetadata": {
         "assignerOrgId": "00000000-0000-4000-9000-000000000000",
         "cveId": "CVE-2024-0000",
         "requesterUserId": "00000000-0000-4000-9000-000000000000",
         "serial": 1,
         "state": "PUBLISHED"
     },
     "dataType": "CVE_RECORD",
     "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"affected": [
	{
	"defaultStatus": "unaffected",
	"product": "Linux",
	"vendor": "Linux",
	"versions": [
	{
	"lessThan": "6.7",
	"status": "affected",
	"version": "0",
	"versionType": "custom"
	}
	]
	}
	],
	"descriptions": [
	{
	"lang": "en",
	"supportingMedia": [
	{
	"base64": false,
	"type": "text/html",
	"value": "<p>It's not safe to call nfsd_put once nfsd_last_thread has been called, as</p><p>that function will zero out the nn->nfsd_serv pointer.</p><p>Drop the nfsd_put helper altogether and open-code the svc_put in its</p><p>callers instead. That allows us to not be reliant on the value of that</p><p>pointer when handling an error.</p><p>Fixes: 2a501f55cd64 (\"nfsd: call nfsd_last_thread() before final nfsd_put()\")</p><p>Reported-by: Zhi Li <yieli@redhat.com></p><p>Cc: NeilBrown <neilb@suse.de></p><p>Signed-off-by: Jeffrey Layton <jlayton@redhat.com></p><p>Signed-off-by: Chuck Lever <chuck.lever@oracle.com></p>"
	}
	],
	"value": "It's not safe to call nfsd_put once nfsd_last_thread has been called, as\n\nthat function will zero out the nn->nfsd_serv pointer.\n\nDrop the nfsd_put helper altogether and open-code the svc_put in its\n\ncallers instead. That allows us to not be reliant on the value of that\n\npointer when handling an error.\n\nFixes: 2a501f55cd64 (\"nfsd: call nfsd_last_thread() before final nfsd_put()\")\n\nReported-by: Zhi Li <yieli@redhat.com>\n\nCc: NeilBrown <neilb@suse.de>\n\nSigned-off-by: Jeffrey Layton <jlayton@redhat.com>\n\nSigned-off-by: Chuck Lever <chuck.lever@oracle.com>\n\n"
	}
	],
	"providerMetadata": {
	"orgId": "00000000-0000-4000-9000-000000000000"
	},
	"references": [
	{
	"url": "https://git.kernel.org/torvalds/c/64e6304169f1e1f078e7f0798033f80a7fb0ea46"
	}
	],
	"source": {
	"discovery": "UNKNOWN"
	},
	"title": "nfsd: drop the nfsd_put helper",
	"x_generator": {
	"engine": "Vulnogram 0.1.0-dev"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "00000000-0000-4000-9000-000000000000",
	"cveId": "CVE-2024-0000",
	"requesterUserId": "00000000-0000-4000-9000-000000000000",
	"serial": 1,
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}