Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Theoretically it’s an oopsable race, but I don’t believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won’t be easy to attack.
Anyway, it’s easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.
Details
- Affected product:
- Oracle Linux 7 ELS , Ubuntu 20.04 ELS
- Affected packages:
- kernel-uek @ 5.4.17 (+2 more)
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Theoretically it’s an oopsable race, but I don’t believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won’t be easy to attack.
Anyway, it’s easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.