CVE-2024-46690

Published: Sep 13, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict() tests fl_lmops but largely ignores the result and assumes that flc_owner is an nfs4_delegation anyway. This is wrong. With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave as it did before the change mentioned below. This is the same as the current code, but without any reference to a possible delegation.

Vendor	Product	Versions
Linux	Linux	affected `c5967721e1063648b0506481585ba7e2e49a075e - < 1b46a871e980e3daa16fd5e77539966492e8910a` affected `c5967721e1063648b0506481585ba7e2e49a075e - < 40927f3d0972bf86357a32a5749be71a551241b6`
Linux	Linux	affected `6.9` unaffected `0 - < 6.9` unaffected `6.10.8 - <= 6.10.` unaffected `6.11 - <= `

References

https://git.kernel.org/stable/c/1b46a871e980e3daa16fd5e77539966492e8910a

https://git.kernel.org/stable/c/40927f3d0972bf86357a32a5749be71a551241b6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-46690

Description

Affected Products

References