cve/published/2024/CVE-2024-47737.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-47737: nfsd: call cache_put if xdr_reserve_space returns NULL

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 nfsd: call cache_put if xdr_reserve_space returns NULL

 If not enough buffer space available, but idmap_lookup has triggered
 lookup_fn which calls cache_get and returns successfully. Then we
 missed to call cache_put here which pairs with cache_get.

 Reviwed-by: Jeff Layton <jlayton@kernel.org>

 The Linux kernel CVE team has assigned CVE-2024-47737 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 4.19.323 with commit 3e8081ebff12bec1347deaceb6bce0765cce54df
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.4.285 with commit c6b16e700cf4d959af524bd9d3978407ff7ce462
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.10.227 with commit 9f03f0016ff797932551881c7e06ae50e9c39134
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.15.168 with commit 9803ab882d565a8fb2dde5999d98866d1c499dfd
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.1.113 with commit 81821617312988096f5deccf0f7da6f888e98056
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.6.54 with commit a1afbbb5276f943ad7173d0b4c626b8c75a260da
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.10.13 with commit e32ee6a61041925d1a05c14d10352dcfce9ef029
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.11.2 with commit 8d0765f86135e27f0bb5c950c136495719b4c834
 	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.12 with commit d078cbf5c38de83bc31f83c47dcd2184c04a50c7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-47737
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/nfsd/nfs4idmap.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3e8081ebff12bec1347deaceb6bce0765cce54df
 	https://git.kernel.org/stable/c/c6b16e700cf4d959af524bd9d3978407ff7ce462
 	https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134
 	https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd
 	https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056
 	https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da
 	https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029
 	https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834
 	https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-47737: nfsd: call cache_put if xdr_reserve_space returns NULL

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	nfsd: call cache_put if xdr_reserve_space returns NULL

	If not enough buffer space available, but idmap_lookup has triggered
	lookup_fn which calls cache_get and returns successfully. Then we
	missed to call cache_put here which pairs with cache_get.

	Reviwed-by: Jeff Layton <jlayton@kernel.org>

	The Linux kernel CVE team has assigned CVE-2024-47737 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 4.19.323 with commit 3e8081ebff12bec1347deaceb6bce0765cce54df
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.4.285 with commit c6b16e700cf4d959af524bd9d3978407ff7ce462
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.10.227 with commit 9f03f0016ff797932551881c7e06ae50e9c39134
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 5.15.168 with commit 9803ab882d565a8fb2dde5999d98866d1c499dfd
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.1.113 with commit 81821617312988096f5deccf0f7da6f888e98056
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.6.54 with commit a1afbbb5276f943ad7173d0b4c626b8c75a260da
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.10.13 with commit e32ee6a61041925d1a05c14d10352dcfce9ef029
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.11.2 with commit 8d0765f86135e27f0bb5c950c136495719b4c834
	Issue introduced in 3.16 with commit ddd1ea56367202f6c99135cd59de7a97af4c4ffd and fixed in 6.12 with commit d078cbf5c38de83bc31f83c47dcd2184c04a50c7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-47737
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/nfsd/nfs4idmap.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3e8081ebff12bec1347deaceb6bce0765cce54df
	https://git.kernel.org/stable/c/c6b16e700cf4d959af524bd9d3978407ff7ce462
	https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134
	https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd
	https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056
	https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da
	https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029
	https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834
	https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7