Ladies and gentlemen, it's time to talk about an important discovery in the world of Linux kernel vulnerabilities: CVE-2024-26958, recently resolved by fixing a UAF (use-after-free) in direct writes in the kernel's NFS (Network File System) code. If you use NFS in production, keep reading: this bug can cause crashes and instability that bring your systems down.

In production, systems have been consistently hitting the following warning:

------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0
Workqueue: nfsiod nfs_direct_write_schedule_work [nfs]

The problem is that the nfs_direct_request is completed twice in a row, which drives the reference count below zero and leaves a use-after-free. This happens because the commit requests are submitted asynchronously: one of them can complete before the next one is even sent, so the completion of the nfs_direct_request runs twice in succession.

To resolve this issue, the fix follows the same pattern already used in __nfs_commit_inode: the problematic commit request handling is bracketed with a call to nfs_commit_begin() before and nfs_commit_end() after, so the submitter holds its own reference until every commit request has been sent.

Here's the commit-completion check at the heart of the fix; with the submission bracketed by nfs_commit_begin()/nfs_commit_end() as in __nfs_commit_inode, this check fires only once per request, after the last outstanding commit has been accounted for:

/* drop one commit reference; nfs_commit_end() returns true only when
 * the last outstanding commit is gone, and only then is the direct
 * request completed */
if (nfs_commit_end(cinfo.mds)) {
    nfs_direct_write_complete(dreq);
}

With this fix applied, the users who reported the problem saw no recurrence of the warning over several hours of stress testing.
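The begin/end bracketing described above, modelled in user space as an added example; this is constructed code, not the kernel's, and struct direct_req, submit_commit() and the schedule_* functions are stand-ins for the NFS direct-write path. With early completions, the unguarded scheduler completes the request once per commit RPC, while the guarded one completes it exactly once:

```c
#include <stdbool.h>
/* Constructed user-space model of the direct-write commit path (not kernel code):
 * a direct request fans out into several commit RPCs and must be completed
 * exactly once, after the last of them has finished. */
struct direct_req {
    int rpcs_out;     /* outstanding commit RPCs (cinfo->rpcs_out in the kernel) */
    int completions;  /* times the final completion ran; the correct value is 1 */
};

/* nfs_commit_begin()/nfs_commit_end() analogues: take or drop one reference;
 * end reports true only when the last reference is gone. */
static void commit_begin(struct direct_req *d) { d->rpcs_out++; }
static bool commit_end(struct direct_req *d)   { return --d->rpcs_out == 0; }
static void direct_write_complete(struct direct_req *d) { d->completions++; }

/* Commit-done callback: the same check as the snippet above. */
static void commit_done(struct direct_req *d) { if (commit_end(d)) direct_write_complete(d); }

/* Send one commit RPC; if it completes before submission returns (the
 * asynchronous ordering behind the bug), its callback runs right here. */
static void submit_commit(struct direct_req *d, bool completes_early)
{
    commit_begin(d);
    if (completes_early)
        commit_done(d);
}
/* Let any still-pending RPCs finish, as the nfsiod workqueue would later. */
static void drain(struct direct_req *d) { while (d->rpcs_out > 0) commit_done(d); }

/* Pre-fix scheduling: no outer reference, so with early completions the
 * count hits zero after every RPC and completion runs once per RPC. */
int schedule_unguarded(int nr_commits, bool completes_early)
{
    struct direct_req d = { 0, 0 };
    for (int i = 0; i < nr_commits; i++) submit_commit(&d, completes_early);
    drain(&d);
    return d.completions;
}

/* Fixed scheduling: the submitter holds its own reference across the loop,
 * as __nfs_commit_inode does, so zero is reached exactly once. */
int schedule_guarded(int nr_commits, bool completes_early)
{
    struct direct_req d = { 0, 0 };
    commit_begin(&d);                       /* nfs_commit_begin(cinfo.mds) */
    for (int i = 0; i < nr_commits; i++) submit_commit(&d, completes_early);
    commit_done(&d);                        /* nfs_commit_end(): last drop completes */
    drain(&d);
    return d.completions;
}
```

The unguarded path looks correct whenever the RPCs happen to complete late, which is why the bug only surfaced under load in production.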

Original references and further reading

For those who want to dive deeper into the technical details, the following resources are highly recommended:

1. Linux kernel source code - link
2. Linux kernel bug report - link
3. NFS protocol overview - link

Conclusion

CVE-2024-26958 shows how a small code fix can resolve a serious issue, and why it pays to stay on top of security vulnerabilities. With the NFS use-after-free addressed, systems are more stable, particularly in production. Keep an eye out for similar vulnerabilities, subscribe to security mailing lists, and follow best practices to maintain the security and stability of your Linux systems.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 06/25/2024 22:15:26 UTC