CVE-2024-42078 - Linux Kernel NFSd Vulnerability Resolution: Initializing nfsd_info.mutex Early to Prevent OOPS
A vulnerability in the Linux kernel's nfsd (NFS server) subsystem has been resolved. It was caused by svc_pool_stats_start() dereferencing nfsd_info.mutex before that mutex had been initialised, which could trigger a kernel oops (a crash of the offending task that, on systems with panic_on_oops set, takes the whole machine down). In this post, we'll dive into the details of the vulnerability, the fix, and how to make sure your systems are protected.
Vulnerability Details
In the Linux kernel's nfsd component, nfsd_info.mutex could be used by svc_pool_stats_start() before it had been set up. The mutex was only initialised later in the life of a network namespace, once nfsd was started there, but the pool-statistics reader that svc_pool_stats_start() serves is reachable as soon as the netns exists. A read that arrived in that window, immediately after the new netns was created, dereferenced an uninitialised mutex and could trigger a kernel oops.
Here is a simplified sketch of the problem. It illustrates the ordering, not the kernel source verbatim: the real svc_pool_stats_start() is a seq_file start callback, and it takes the mutex unconditionally.
    /* Sketch: the pool_stats reader takes nfsd_info.mutex as soon as the
     * per-namespace nfsd_net exists, with no way to tell whether the
     * mutex has been initialised yet. */
    static void *svc_pool_stats_start(struct net *net)
    {
            struct nfsd_net *nn = net_generic(net, nfsd_net_id);

            /* Oops here if nfsd_info.mutex has not been set up for this netns */
            mutex_lock(&nn->nfsd_info.mutex);
            return nn;
    }
The lock is taken unconditionally. Before the fix, nothing initialised nfsd_info.mutex until nfsd was started in the namespace, so a pool-stats read issued between namespace creation and nfsd start operated on an uninitialised mutex, and the kernel oopsed.
Solution
The vulnerability has been resolved by initialising nfsd_info.mutex when the network namespace itself is created, so the mutex is already valid by the time svc_pool_stats_start() can reach it.
Here is the corresponding sketch of the fix, again simplified. The kernel's per-namespace initialisation hook for nfsd is nfsd_init_net() in fs/nfsd/nfsctl.c, which is where the initialisation now lives.
    static __net_init int nfsd_init_net(struct net *net)
    {
            struct nfsd_net *nn = net_generic(net, nfsd_net_id);

            /* Set up the mutex before anything can open the pool_stats file */
            mutex_init(&nn->nfsd_info.mutex);
            ...
            return 0;
    }
With the initialisation moved into the per-namespace init hook, the mutex is valid for the whole lifetime of the namespace, and the pool-stats reader can no longer dereference it uninitialised.
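The following is an added example, not code from the original post or from the kernel: a small userspace C model of the ordering problem and its fix. The names nfsd_net, nfsd_info.mutex, svc_pool_stats_start() and nfsd_init_net() are borrowed from the discussion above, but every function body is an assumption made for illustration. The kernel mutex is replaced by a struct carrying a magic value that only its init routine writes, so locking a never-initialised mutex is reported as -EFAULT instead of oopsing, and the pre-fix and post-fix orderings can be compared directly.

```c
/*
 * Added example (not kernel code): userspace model of the initialisation
 * ordering bug behind CVE-2024-42078. Names mirror the post; all bodies are
 * assumptions for illustration. Locking a never-initialised mutex oopses in
 * the kernel; here it returns -EFAULT so both orderings can be checked.
 */
#include <errno.h>
#include <stdlib.h>

#define MUTEX_MAGIC 0x4d555458u   /* "MUTX", written only by mutex_init() */

struct mutex {
    unsigned int magic;            /* MUTEX_MAGIC once initialised */
    int held;
};

struct svc_info {
    struct mutex mutex;            /* lock taken by the pool_stats reader */
    unsigned long pool_packets[2]; /* constructed sample counters */
};

struct nfsd_net {
    struct svc_info nfsd_info;
    int serv_running;              /* has nfsd been started in this netns? */
};

static void mutex_init(struct mutex *m)
{
    m->magic = MUTEX_MAGIC;
    m->held = 0;
}

/* Models mutex_lock(): a zeroed, never-initialised mutex is "the oops". */
static int mutex_lock_checked(struct mutex *m)
{
    if (m->magic != MUTEX_MAGIC)
        return -EFAULT;
    m->held = 1;
    return 0;
}

static void mutex_unlock_checked(struct mutex *m)
{
    m->held = 0;
}

/* The reader path reached through the pool_stats file: it takes
 * nfsd_info.mutex unconditionally and cannot tell whether nfsd has been
 * started in this namespace yet. Returns 0 or -errno. */
int svc_pool_stats_start(struct nfsd_net *nn, unsigned long *total)
{
    int err = mutex_lock_checked(&nn->nfsd_info.mutex);
    if (err)
        return err;
    *total = nn->nfsd_info.pool_packets[0] + nn->nfsd_info.pool_packets[1];
    mutex_unlock_checked(&nn->nfsd_info.mutex);
    return 0;
}

/* Per-netns constructor. fixed=0: pre-fix ordering, the mutex stays zeroed;
 * fixed=1: the fix, initialise the mutex as soon as the netns exists. */
struct nfsd_net *nfsd_init_net(int fixed)
{
    struct nfsd_net *nn = calloc(1, sizeof(*nn));
    if (!nn)
        return NULL;
    if (fixed)
        mutex_init(&nn->nfsd_info.mutex);
    return nn;
}

/* Starting nfsd in the namespace: pre-fix, this was the first place the
 * mutex was initialised, leaving a window between creation and start. */
void nfsd_startup_net(struct nfsd_net *nn, int fixed)
{
    if (!fixed)
        mutex_init(&nn->nfsd_info.mutex);
    nn->nfsd_info.pool_packets[0] = 7;   /* constructed sample values */
    nn->nfsd_info.pool_packets[1] = 5;
    nn->serv_running = 1;
}

/* One lifecycle: create the netns, optionally start nfsd, read the stats.
 * Returns the reader's status; *total receives the summed counters. */
int run_sequence(int fixed, int start_nfsd_first, unsigned long *total)
{
    struct nfsd_net *nn = nfsd_init_net(fixed);
    int err;

    if (!nn)
        return -ENOMEM;
    if (start_nfsd_first)
        nfsd_startup_net(nn, fixed);
    err = svc_pool_stats_start(nn, total);
    free(nn);
    return err;
}

int main(void)
{
    unsigned long total = 0;
    /* The CVE window: read stats in a fresh netns before nfsd is started. */
    int before_fix = run_sequence(0, 0, &total);   /* -EFAULT: the oops */
    int after_fix  = run_sequence(1, 0, &total);   /* 0: mutex already valid */
    return (before_fix == -EFAULT && after_fix == 0) ? 0 : 1;
}
```

Build with cc -std=c11 and run; the program exits 0 only when the pre-fix ordering fails the early read and the post-fix ordering survives it. The magic-value check is the same idea the kernel applies under CONFIG_DEBUG_MUTEXES, which stamps each mutex in mutex_init() and warns when a lock operation finds the stamp missing; on a production kernel without that option there is no such check, which is why the bug surfaced as an oops rather than a diagnostic.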
The original issue, as well as the associated patch, can be found at the following links:
- Patch submission: https://lore.kernel.org/all/20210905114245.3156278-1-christophe.leroy@csgroup.eu/T/#u
- Linux kernel commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e24abda029e7fb17e77dce8de855eccaf144859
Exploit Details
No public exploit is known for this vulnerability, but the fix should still be applied. The impact described is a denial of service: anyone able to reach the pool-statistics reader in a network namespace where nfsd has not yet been started could trigger the oops and crash the kernel. No memory-corruption or privilege-escalation consequence is described.
Conclusion
To protect your Linux system against CVE-2024-42078, run a kernel that carries the fix, either a current mainline release or a distribution kernel whose changelog lists this CVE. With nfsd_info.mutex initialised early, as shown in the patch sketch above, the kernel no longer oopses when the pool statistics are read immediately after a network namespace is created.
Stay vigilant about updating your systems and monitoring security advisories to keep potential attackers at bay.
Timeline
Published on: 07/29/2024 16:15:07 UTC
Last modified on: 07/30/2024 18:58:41 UTC