Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- 5.4
- 6.14
A race condition in the Linux kernel's NFS server (NFSD) can lead to a kernel Oops. The race is between the registration of NFSD and the processing of exports. When the 'exportfs -r' command runs at the same time as NFS is being mounted on the proc filesystem, it can trigger a NULL pointer dereference, causing a kernel crash. The vulnerability affects several versions of the Linux kernel, including 5.4 on ARM64 and the latest 6.14 kernel.
Exploitation of this vulnerability causes a kernel Oops, leading to a crash of the NFS server and potentially destabilizing the system.
The vulnerability can be reproduced by running a script that repeatedly exports NFS interfaces while simultaneously mounting and unmounting NFS on the proc filesystem. This creates a race condition that triggers the null pointer dereference.
Exporting NFS interfaces should be done after the NFS server has been initialized, and cleanup should occur before unloading the NFS module.