Linux Kernel NFS NULL Pointer Dereference Vulnerability in State Management

Vulnerability

A vulnerability in the Linux kernel's NFS (Network File System) server implementation can lead to a NULL pointer dereference. The issue lies in NFSv4 state management, specifically in the 'nfs4_state_start_net()' function, which queues the delayed 'laundromat_work' before the 'nfsd_ssc' variable that this work later reads has been initialized. Normally the delay on 'laundromat_work' leaves enough time for 'nfsd_ssc' to be set up before the work first runs. If the kernel waits long enough on user space responses during start-up, however, the delayed work can fire before initialization completes and dereference the still-NULL 'nfsd_ssc'.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or denial of service by interrupting the normal operation of the NFS service.

Remediation

The vulnerability has been addressed by reordering 'nfs4_state_start_net()' so that 'nfsd_ssc' is initialized before 'laundromat_work' is queued, ensuring that the variable is set up before any run of the delayed work can access it.
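The following userspace C model, added here as an illustration and not taken from the kernel's nfsd code, reproduces the ordering defect and its fix. Everything in it is constructed: 'struct net_state' stands in for the per-namespace state, 'struct ssc_ctx' for 'nfsd_ssc', and the 'work_fires_early' flag stands in for the timing case where the delayed work expires before initialization finishes. Instead of crashing, the work body reports whether it would have dereferenced NULL, so both orderings can be compared directly.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the 'nfsd_ssc' state (hypothetical, not kernel code). */
struct ssc_ctx {
    int ready;              /* 1 once the context is usable */
};

/* Constructed model of per-network-namespace nfsd state. */
struct net_state {
    struct ssc_ctx *ssc;    /* NULL until init_ssc() runs; models 'nfsd_ssc' */
    int laundromat_pending; /* 1 while the delayed work is queued */
};

/* Models queueing 'laundromat_work' with a delay; the work runs later. */
static void schedule_laundromat(struct net_state *nn)
{
    nn->laundromat_pending = 1;
}

/* Models the delayed work body. Returns 1 if it ran with initialised state,
 * 0 if it would have dereferenced a NULL 'ssc' (a kernel oops in reality),
 * and -1 if no work was queued. */
static int laundromat_run(struct net_state *nn)
{
    if (!nn->laundromat_pending)
        return -1;
    nn->laundromat_pending = 0;
    if (nn->ssc == NULL)
        return 0;               /* the defect: pointer not yet initialised */
    return nn->ssc->ready;
}

/* Models the (possibly slow) initialisation of 'nfsd_ssc'. */
static void init_ssc(struct net_state *nn, struct ssc_ctx *ctx)
{
    ctx->ready = 1;
    nn->ssc = ctx;
}

/* Vulnerable ordering: queue the delayed work first, initialise afterwards.
 * work_fires_early == 1 models the delay expiring before init completes. */
int start_net_vulnerable(int work_fires_early)
{
    struct ssc_ctx ctx = {0};
    struct net_state nn = {0};

    schedule_laundromat(&nn);
    if (work_fires_early)
        return laundromat_run(&nn);     /* returns 0: NULL dereference */
    init_ssc(&nn, &ctx);                /* the usual, lucky timing */
    return laundromat_run(&nn);         /* returns 1 */
}

/* Fixed ordering: initialise first, then queue the delayed work, so the
 * outcome no longer depends on how long initialisation takes. */
int start_net_fixed(int work_fires_early)
{
    struct ssc_ctx ctx = {0};
    struct net_state nn = {0};

    (void)work_fires_early;             /* timing is irrelevant after the fix */
    init_ssc(&nn, &ctx);
    schedule_laundromat(&nn);
    return laundromat_run(&nn);         /* returns 1 in every case */
}

int main(void)
{
    printf("vulnerable, work fires early: %d\n", start_net_vulnerable(1));
    printf("vulnerable, work fires late:  %d\n", start_net_vulnerable(0));
    printf("fixed, work fires early:      %d\n", start_net_fixed(1));
    printf("fixed, work fires late:       %d\n", start_net_fixed(0));
    return 0;
}
```

The point the model makes is that the vulnerable ordering is only safe by virtue of timing: the same code path returns 0 (a NULL dereference) whenever the delay elapses first, which is exactly the window opened by a slow user space response. Moving initialization ahead of the queueing call removes the dependency on timing entirely, which is the shape of the remediation described above.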

Added: Jul 4, 2025, 2:23 PM
Updated: Jul 4, 2025, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread:          9.0
impact:          2.5
exploitability:  5.0
remediation:     0.0
relevance:       0.2
threat:          3.2
urgency:         2.9
incentive:       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.