CVE-2024-56779: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56779 is a memory leak vulnerability discovered in the Linux kernel's NFS server (nfsd) component. The issue specifically affects the nfs4openowner handling when concurrent nfsd4open operations occur. The vulnerability was disclosed on January 8, 2025, and affects multiple versions of the Linux kernel up to versions 5.4.287, 5.10.231, 5.15.174, 6.1.120, and 6.6.64 (NVD).

The vulnerability occurs during the processing of concurrent NFS4 open requests. When a force umount operation (umount -f) attempts to kill all rpctasks, it can lead to a situation where two rpctasks attempt to open the same file simultaneously. During this process, if an nfs4openowner is found that is not marked as NFS4OO_CONFIRMED, it gets released, but due to concurrent operations, this can result in memory leaks. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to memory leaks in the kernel's NFS server component. When triggered, it can cause various resources to leak, including nfs4openowner, stateid, nfsdfile, and nfsdfilemark objects. This can eventually result in resource exhaustion and system instability, particularly when shutting down the NFS server (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that adds nfs4openownerunhashed functionality to help identify unhashed nfs4openowner instances and breaks the nfsd4open process to prevent the memory leak. The fix has been backported to multiple kernel versions and is available in the stable kernel releases (Kernel Patch, Debian Update).