Linux Kernel NFSD Reference Count Leak Vulnerability in nfsd4_ssc_umount_item

A vulnerability in the Linux kernel's NFS server (NFSD) component has been addressed. The issue involved a reference count leak of the nfsd4_ssc_umount_item, which was not properly decremented under certain error conditions. This oversight prevented the 'laundromat' from unmounting the virtual file system mount of the source file, potentially leading to resource management issues. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability could lead to a reference count leak, causing improper management of virtual file system mounts. This could disrupt normal file system operations, particularly in inter-server copy processes, by preventing timely unmounting of resources.

Reproduction

To reproduce this vulnerability, initiate an inter-server copy operation that involves the NFS server component. Monitor the reference count of the nfsd4_ssc_umount_item during the process. If an error occurs, the reference count should ideally be decremented to allow the laundromat to unmount the vfsmount of the source file. However, due to this vulnerability, the reference count remains unchanged, causing the vfsmount to remain mounted even after the operation encounters an error.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.