Linux Kernel NFSD NFSv2 GETACL Result Encoder Garbage Data Vulnerability

Vulnerability

A vulnerability in the NFSv2 GETACL result encoder of the Linux kernel's NFSD component has been addressed. The issue arose from an improper conversion of the encoder to the XDR stream, which left behind code that manually set the send buffer's page length. This mistake caused the encoder to append unnecessary data beyond the intended Reply message, potentially leaking stale memory contents over the network. While most clients disregard this extraneous data, NFSD has no reason to transmit it.

Impact

The vulnerability could lead to the unintentional transmission of stale memory data over the network, where clients may receive it.

Reproduction

The vulnerability can be reproduced by using an NFSv2 client to request ACL data from an NFS server that is running a vulnerable version of the Linux kernel. The server will inadvertently send extra data beyond the ACL response, including stale memory contents, which can be observed on the wire.
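A defender-side check for the symptom described above, as an added example that is not part of the original advisory or of the kernel source: it walks one RPC reply and reports how many bytes follow the end of the decoded GETACL result. The reply layout (accepted RPC reply header, status, 68-byte NFSv2 fattr, mask, then for the access and default ACLs an entry count followed by a counted array of 12-byte entries), the function names and the sample reply are assumptions constructed for illustration. The input is one complete RPC message with any TCP record marker already stripped.

```python
import struct

FATTR_V2_LEN = 17 * 4   # assumed: NFSv2 fattr is 17 XDR words
ACL_ENTRY_LEN = 3 * 4   # assumed: each ACL entry is tag, id, perm

class ReplyFormatError(ValueError):
    """Raised when the buffer is not a successful GETACL reply."""

def u32(buf, off):
    if off + 4 > len(buf):
        raise ReplyFormatError(f"truncated at offset {off}")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def skip_acl(buf, off):
    _count, off = u32(buf, off)   # advertised number of entries
    n, off = u32(buf, off)        # length of the XDR array actually encoded
    return off + n * ACL_ENTRY_LEN

def getacl_trailing_bytes(msg):
    """Return how many bytes follow the decoded GETACL result in msg."""
    _xid, off = u32(msg, 0)
    msg_type, off = u32(msg, off)
    reply_stat, off = u32(msg, off)
    if msg_type != 1 or reply_stat != 0:      # REPLY, MSG_ACCEPTED
        raise ReplyFormatError("not an accepted RPC reply")
    _flavor, off = u32(msg, off)
    verf_len, off = u32(msg, off)
    off += (verf_len + 3) & ~3                # verifier body, XDR-padded
    accept_stat, off = u32(msg, off)
    nfs_status, off = u32(msg, off)
    if accept_stat != 0 or nfs_status != 0:
        raise ReplyFormatError("call failed; no ACL body to measure")
    off += FATTR_V2_LEN
    _mask, off = u32(msg, off)
    off = skip_acl(msg, off)                  # access ACL
    off = skip_acl(msg, off)                  # default ACL
    if off > len(msg):
        raise ReplyFormatError("reply shorter than its own ACL counts")
    return len(msg) - off

def build_sample_reply(garbage=b""):
    """Constructed sample: 4-entry access ACL, empty default ACL."""
    # xid, REPLY, MSG_ACCEPTED, verifier flavor 0, verifier length 0, SUCCESS
    hdr = struct.pack(">6I", 0x1234, 1, 0, 0, 0, 0)
    body = struct.pack(">I", 0) + bytes(FATTR_V2_LEN) + struct.pack(">I", 0xF)
    access = struct.pack(">2I", 4, 4) + bytes(4 * ACL_ENTRY_LEN)
    return hdr + body + access + struct.pack(">2I", 0, 0) + garbage

if __name__ == "__main__":
    for name, pkt in [("clean", build_sample_reply()),
                      ("padded", build_sample_reply(b"\xaa" * 32))]:
        print(name, getacl_trailing_bytes(pkt), "trailing bytes")
```

A nonzero result for replies from a given server is a reason to check that server's kernel against the fixed version.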

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Dec 30, 2025, 5:06 PM
Updated: Dec 30, 2025, 5:06 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.