Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout.
Product status
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before 084bebe82ad86f718a3af84f34761863e63164ed
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before b6e4e3a08c03200cc4b8067ec8ab3172a989d6fc
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before 104080582ae0aa6dce6c6d75ff89062efe84673b
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before f718f9ea6094843b8c059b073af49ad61e9f49bb
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before 59947dff0fb7c19c09ce6dccbcd253fd542b6c25
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before ca2e7fdad7c683b64821c94a58b9b68733214dad
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before 38694f9aae00459ab443a7dc8b3949a6b33b560a
fe1cf9469d7bcb6af27e42eb555a41b0135bce4a (git) before e0f8058f2cb56de0b7572f51cd563ca5debce746
4.10
Any version before 4.10
5.10.248 (semver)
5.15.198 (semver)
6.1.160 (semver)
6.6.120 (semver)
6.12.63 (semver)
6.17.13 (semver)
6.18.2 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/084bebe82ad86f718a3af84f34761863e63164ed
git.kernel.org/...c/b6e4e3a08c03200cc4b8067ec8ab3172a989d6fc
git.kernel.org/...c/104080582ae0aa6dce6c6d75ff89062efe84673b
git.kernel.org/...c/f718f9ea6094843b8c059b073af49ad61e9f49bb
git.kernel.org/...c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25
git.kernel.org/...c/ca2e7fdad7c683b64821c94a58b9b68733214dad
git.kernel.org/...c/38694f9aae00459ab443a7dc8b3949a6b33b560a
git.kernel.org/...c/e0f8058f2cb56de0b7572f51cd563ca5debce746