CVE-2024-46682: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-46682) was discovered in the nfsd component that could lead to a kernel panic. The issue occurs when accessing nfsv4.0 closed files in the nfs4showopen function. Prior to commit 3f29cc82a84c, the statesshow() function relied on the sctype field to validate the stateid type before calling a subfunction. After splitting the stateid validity into scstatus, the code no longer changed sctype to 0 while unhashing the stateid, resulting in a NULL pointer dereference for closed NFSv4.0 files (Kernel Git).

The vulnerability is triggered when attempting to read the /proc/fs/nfsd/clients/2/states file after mounting a server with NFSv4.0, reading and closing a file. The issue stems from nfs4showopen() attempting to dereference sc_file which is NULL for closed files. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as a NULL Pointer Dereference (CWE-476) (NVD).

When exploited, this vulnerability results in a kernel panic, affecting system availability. The issue occurs specifically when attempting to display information about closed NFSv4.0 files through the procfs interface (NVD).

The issue has been fixed in the Linux kernel through a patch that checks for NULL nf pointers and handles closed files appropriately. The fix involves modifying the nfs4showopen function to properly handle cases where the file is closed, displaying "closed" instead of attempting to access the NULL file pointer (Kernel Git).