Bug 2300453 (CVE-2024-41076)

Summary: CVE-2024-41076 kernel: NFSv4: Fix memory leak in nfs4_set_security_label
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 6.1.101, kernel 6.6.42, kernel 6.9.11, kernel 6.10 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the nfs4_set_security_label() in the Linux kernel, where the function fails to free the nfs_fattr attribute before exiting, leaving said memory allocation present. As the nfs4_set_security_label() is called repeatedly over time, this may lead to memory exhaustion.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2301641    
Bug Blocks:    

Description OSIDB Bzimport 2024-07-29 15:50:43 UTC 
In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix memory leak in nfs4_set_security_label

We leak nfs_fattr and nfs4_label every time we set a security xattr.
Comment 1 Mauro Matteo Cascella 2024-07-30 13:52:10 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41076-6124@gregkh/T
Comment 2 Mauro Matteo Cascella 2024-07-30 13:52:33 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301641]
Comment 130 errata-xmlrpc 2024-08-21 00:15:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5673 https://access.redhat.com/errata/RHSA-2024:5673
Comment 131 errata-xmlrpc 2024-08-21 00:26:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5672 https://access.redhat.com/errata/RHSA-2024:5672
Comment 132 errata-xmlrpc 2024-08-28 12:21:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:5928 https://access.redhat.com/errata/RHSA-2024:5928
Comment 133 errata-xmlrpc 2024-09-03 15:43:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6206 https://access.redhat.com/errata/RHSA-2024:6206
Comment 134 errata-xmlrpc 2024-09-24 00:39:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001
Comment 135 errata-xmlrpc 2024-09-24 02:35:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000