{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-47692",
        "ASSIGNER": "cve@kernel.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205]  dump_stack+0x9a/0xd0\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  __kasan_report.cold+0x34/0x84\n[ T1205]  ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  kasan_report+0x3a/0x50\n[ T1205]  nfs4_client_to_reclaim+0xe9/0x260\n[ T1205]  ? nfsd4_release_lockowner+0x410/0x410\n[ T1205]  cld_pipe_downcall+0x5ca/0x760\n[ T1205]  ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205]  ? down_write_killable_nested+0x170/0x170\n[ T1205]  ? avc_policy_seqno+0x28/0x40\n[ T1205]  ? selinux_file_permission+0x1b4/0x1e0\n[ T1205]  rpc_pipe_write+0x84/0xb0\n[ T1205]  vfs_write+0x143/0x520\n[ T1205]  ksys_write+0xc9/0x170\n[ T1205]  ? __ia32_sys_read+0x50/0x50\n[ T1205]  ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205]  ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205]  do_syscall_64+0x33/0x40\n[ T1205]  entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Linux",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "74725959c33c",
                                            "version_value": "0f1d007bbea3"
                                        },
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "version": "5.2",
                                                        "status": "affected"
                                                    },
                                                    {
                                                        "version": "0",
                                                        "lessThan": "5.2",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.10.227",
                                                        "lessThanOrEqual": "5.10.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.15.168",
                                                        "lessThanOrEqual": "5.15.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.1.113",
                                                        "lessThanOrEqual": "6.1.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.6.54",
                                                        "lessThanOrEqual": "6.6.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.10.13",
                                                        "lessThanOrEqual": "6.10.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.11.2",
                                                        "lessThanOrEqual": "6.11.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.12-rc1",
                                                        "lessThanOrEqual": "*",
                                                        "status": "unaffected",
                                                        "versionType": "original_commit_for_fix"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://git.kernel.org/stable/c/0f1d007bbea38a61cf9c5392708dc70ae9d84a3d",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/0f1d007bbea38a61cf9c5392708dc70ae9d84a3d"
            },
            {
                "url": "https://git.kernel.org/stable/c/b7b7a8df41ef18862dd6b22289fb46c2c12398af",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/b7b7a8df41ef18862dd6b22289fb46c2c12398af"
            },
            {
                "url": "https://git.kernel.org/stable/c/84a563d136faf514fdad1ade28d7a142fd313cb8",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/84a563d136faf514fdad1ade28d7a142fd313cb8"
            },
            {
                "url": "https://git.kernel.org/stable/c/318f70857caab3da9a6ada9bc8c1f4f7591b695e",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/318f70857caab3da9a6ada9bc8c1f4f7591b695e"
            },
            {
                "url": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602"
            },
            {
                "url": "https://git.kernel.org/stable/c/1ff8be8d008b9ddc8e7043fbddd37d5d451b271b",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/1ff8be8d008b9ddc8e7043fbddd37d5d451b271b"
            },
            {
                "url": "https://git.kernel.org/stable/c/22451a16b7ab7debefce660672566be887db1637",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/22451a16b7ab7debefce660672566be887db1637"
            }
        ]
    },
    "generator": {
        "engine": "bippy-c9c4e1df01b2"
    }
}