CVE-2024-50106

7.0 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's NFS server (nfsd), caused by a race between delegation cleanup and client operations. It can lead to kernel memory corruption and potential system crashes or privilege escalation. Systems running Linux kernels with the NFS server enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions depend on distribution backports)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when NFS server (nfsd) is enabled and delegation feature is active. Most distributions don't enable nfsd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, potential privilege escalation to kernel-level code execution, or denial of service affecting all NFS clients.

🟠 Likely Case: System instability, kernel crashes, or denial of service affecting NFS file operations for specific files with active delegations.

🟢 If Mitigated: Limited impact if NFS server is not enabled or delegation feature is disabled, though kernel crashes could still affect system stability.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks could be targeted, but exploitation requires specific timing and NFS protocol knowledge.
🏢 Internal Only: MEDIUM - Internal attackers with NFS access could potentially trigger the race condition, though exploitation requires precise timing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires precise timing to trigger the race condition between the laundromat thread and free_stateid operations. It also requires NFS client access to trigger delegation operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a and 967faa26f313a62e7bebc55d5b8122eaee43b929

Vendor Advisory: https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories for backported patches.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable NFS server

Disable nfsd service if not required

systemctl stop nfs-server
systemctl disable nfs-server

Disable delegation feature

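Disable the file leases that nfsd uses to grant NFSv4 delegations. This stops new delegations from being granted and applies to every lease user on the host, not only nfsd.

echo 0 > /proc/sys/fs/leases-enable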

🧯 If You Can't Patch

  • Disable NFS server completely if not required
  • Restrict NFS access to trusted clients only and monitor for abnormal NFS operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if nfsd is running: 'uname -r' and 'systemctl status nfs-server' or 'ps aux | grep nfsd'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: 'uname -r' and check distribution patch notes
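
A host-side version of the checks above, as an added example that is not part of the original advisory: it reads nfsd's state from /proc rather than relying on service names, and also checks that an NFSv4 version is enabled and that fs.leases-enable is on, since delegations are an NFSv4 feature granted as file leases. The function name, the status strings and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the advisory. Status strings and the optional
# root-prefix argument ($1) are assumptions made for this sketch; the prefix
# only exists so the check can be pointed at a constructed /proc tree.
nfsd_exposure() {
    root="${1:-}"
    threads_file="$root/proc/fs/nfsd/threads"
    versions_file="$root/proc/fs/nfsd/versions"
    leases_file="$root/proc/sys/fs/leases-enable"

    # The nfsd filesystem is absent or reports 0 threads: nothing is serving.
    threads=0
    if [ -r "$threads_file" ]; then
        threads=$(tr -dc '0-9' < "$threads_file")
    fi
    if [ "${threads:-0}" -eq 0 ]; then
        echo "nfsd-not-running"
        return 0
    fi

    # Delegations exist only in NFSv4; versions reads like "+3 +4 +4.1 -4.2".
    versions=""
    if [ -r "$versions_file" ]; then
        versions=$(cat "$versions_file")
    fi
    case " $versions" in
        *" +4"*) ;;
        *) echo "nfsd-running-no-v4"; return 0 ;;
    esac

    # nfsd grants delegations as file leases; 0 here means none can be set.
    leases=1
    if [ -r "$leases_file" ]; then
        leases=$(tr -dc '0-9' < "$leases_file")
    fi
    if [ "${leases:-1}" -eq 0 ]; then
        echo "nfsd-running-leases-off"
        return 0
    fi

    # Serving NFSv4 with leases on: exposure now depends only on whether the
    # running kernel carries the fix commits (check the distro advisory).
    echo "exposed-unless-patched"
}

printf '%s (kernel %s)\n' "$(nfsd_exposure)" "$(uname -r)"
```

A result of exposed-unless-patched does not prove the kernel is vulnerable; it means the version reported by 'uname -r' still has to be compared against the distribution's patch notes.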

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning nfsd_breaker_owns_lease
  • KASAN use-after-free warnings in kernel logs
  • NFS server crash logs

Network Indicators:

  • Abnormal NFS FREE_STATEID operations
  • Multiple delegation revocation requests

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "nfsd_breaker_owns_lease")
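
The query above matches any KASAN report on the host. As an added example that is not part of the original advisory, this triage ranks kernel log hits by whether the faulting function is the nfsd_breaker_owns_lease indicator listed above; the sample log lines, the severity labels and the names sample_log and triage_kernel_log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. The log lines are constructed for
# illustration (offsets and addresses are placeholders, not real output).
sample_log() {
cat <<'EOF'
[  812.104000] BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x00/0x00 [nfsd]
[  812.104100] Read of size 8 at addr ffff000000000000 by task example/1234
[  845.220000] RIP: 0010:nfsd_breaker_owns_lease+0x00/0x00 [nfsd]
[  901.330000] BUG: KASAN: use-after-free in example_driver_irq+0x00/0x00 [example]
[  950.000000] nfsd: last server has exited, flushing export cache
EOF
}

# Reads kernel log lines from files or stdin; prints "SEVERITY detail".
#   HIGH   KASAN use-after-free whose faulting function is the one listed
#   MEDIUM the function shows up outside a KASAN header (oops RIP, call
#          trace), or KASAN reports a use-after-free elsewhere in nfsd
#   LOW    KASAN use-after-free in unrelated code: matches the broad SIEM
#          query but says nothing about nfsd
triage_kernel_log() {
    awk '
    /BUG: KASAN: .*use-after-free in / {
        fn = $0
        sub(/.*use-after-free in /, "", fn)  # drop timestamp and prefix
        sub(/[+ ].*/, "", fn)                # drop +offset/size and [module]
        if (fn == "nfsd_breaker_owns_lease") print "HIGH kasan:" fn
        else if ($0 ~ /\[nfsd\]/)            print "MEDIUM kasan:" fn
        else                                 print "LOW kasan:" fn
        next
    }
    /nfsd_breaker_owns_lease/ { print "MEDIUM mention:nfsd_breaker_owns_lease" }
    ' "$@"
}

sample_log | triage_kernel_log
```

Kernels built without KASAN never emit the HIGH pattern, so on production hosts the MEDIUM rule (the function name in an oops or call trace) is the one that fires.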
