CVE-2024-50106
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2024-50106 affects the Linux kernel's Network File System (NFS) server implementation. The vulnerability is a race condition between the laundromat thread handling revoked delegations and a client sending free_stateid operations. The issue affects versions from 3.17 up to (but excluding) 6.11.6 and was disclosed on November 5, 2024 (NVD).

Technical details

The vulnerability stems from a race condition in the NFS server's delegation handling mechanism. When the laundromat thread identifies an expired delegation that needs revocation, it marks the delegation stid as revoked and adds it to a reaper list. However, it unlocks the state lock before completing the delegation revocation. This allows a racing free_stateid processing thread to remove the delegation from the reaper list and free the delegation stid structure, leading to a use-after-free condition when nfsd_breaker_owns_lease() attempts to dereference the freed delegation stateid. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 HIGH (NVD).

Impact

When exploited, this vulnerability can lead to a use-after-free condition in the kernel, potentially resulting in system crashes or denial of service. The issue specifically affects the NFS server's ability to properly handle delegation states and could impact the stability of systems running the NFS server (NVD).

Mitigation and workarounds

A patch has been developed that adds two new sc_status values to help coordinate between the laundromat and other operations. The fix ensures proper synchronization between the laundromat thread and free_stateid operations by maintaining appropriate state tracking and preventing premature delegation structure cleanup. Users should update to kernel version 6.11.6 or later, which includes this fix (Kernel Patch).
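A first-pass triage for the update advice above, as an added example that is not part of the original report: it checks a kernel release against the upstream range stated on this page and whether the NFS server is actually running. The function names are illustrative, and the `/proc/fs/nfsd/threads` location assumes the nfsd filesystem is mounted at its usual path.

```sh
#!/bin/sh
# Added triage example for CVE-2024-50106; function names are illustrative.
# Affected upstream range as stated on this page: 3.17 <= version < 6.11.6.
# Distribution kernels backport fixes, so "in range" means "check the vendor
# advisory", not "confirmed vulnerable".

# Set maj/min/pat from a release such as "5.15.0-91-generic".
split_release() {
    core=${1%%[-+_]*}                     # drop distro/build suffix
    IFS=. read -r maj min pat _ <<EOF
$core
EOF
    maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    maj=${maj:-0}; min=${min:-0}; pat=${pat:-0}
}

# Succeeds when release $1 sorts strictly before release $2.
version_lt() {
    split_release "$1"; a1=$maj; a2=$min; a3=$pat
    split_release "$2"
    [ "$a1" -ne "$maj" ] && { [ "$a1" -lt "$maj" ]; return; }
    [ "$a2" -ne "$min" ] && { [ "$a2" -lt "$min" ]; return; }
    [ "$a3" -lt "$pat" ]
}

in_affected_range() {
    ! version_lt "$1" 3.17 && version_lt "$1" 6.11.6
}

# The flaw is in the NFS server: succeed only if nfsd threads are running.
# Assumes the nfsd filesystem is at its usual mount point; $1 overrides the path.
nfsd_active() {
    f=${1:-/proc/fs/nfsd/threads}
    [ -r "$f" ] || return 1
    read -r n <"$f" || :
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -gt 0 ]
}

triage() {
    rel=${1:-$(uname -r)}
    if ! in_affected_range "$rel"; then
        echo "$rel: outside the affected upstream range"
    elif nfsd_active "${2:-}"; then
        echo "$rel: in range and nfsd is serving; verify the vendor fix or update"
    else
        echo "$rel: in range, but nfsd is not running on this host"
    fi
}

triage "$@"
```

Run without arguments it evaluates the running kernel; pass a release string as the first argument to evaluate an inventory entry instead.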


Source: This report was generated using AI

Related Linux Kernel vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-40258 | HIGH | 7 | Linux Kernel | kernel-zfcpdump-devel-matched | No | No | Dec 04, 2025 |
| CVE-2025-40259 | MEDIUM | 6.2 | Linux Kernel | kernel-64k-devel | No | No | Dec 04, 2025 |
| CVE-2025-40264 | MEDIUM | 5.5 | Linux Kernel | kernel-rt-64k-debug-kvm | No | No | Dec 04, 2025 |
| CVE-2025-40254 | MEDIUM | 5.5 | Linux Kernel | kernel-modules-partner | No | No | Dec 04, 2025 |
| CVE-2025-40253 | MEDIUM | 5.5 | Linux Kernel | python3-perf | No | No | Dec 04, 2025 |