Linux Kernel NFSv4 COMPOUND Operation Limit Reversion Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFS server implementation allows an attacker to cause a denial-of-service condition by sending a COMPOUND request with an excessively large operation count. The request overloads the server's memory allocation capabilities, and the resulting vmalloc error halts normal operations. The issue arose when a previous cap on the number of operations per COMPOUND request was removed; that cap has now been reinstated, but increased to 200.
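
The check described above, as an added C example that is not taken from the kernel source or from this advisory: it decodes the head of a COMPOUND request (tag, minor version, operation count, in the XDR layout NFSv4 uses) and rejects an oversized count before any allocation is sized from it. The names EXAMPLE_MAX_OPS, EXAMPLE_MAX_TAG, compound_hdr and decode_compound_hdr, and the 1024-byte tag bound, are assumptions made for the example; 200 is the cap stated here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names for this example; 200 is the cap stated in this advisory. */
#define EXAMPLE_MAX_OPS 200u
#define EXAMPLE_MAX_TAG 1024u   /* assumed tag-length bound, not from the page */

enum compound_status { COMPOUND_OK = 0, COMPOUND_TRUNCATED, COMPOUND_BAD_TAG,
                       COMPOUND_TOO_MANY_OPS, COMPOUND_NOMEM };

struct compound_hdr { uint32_t minorversion, numops; void **ops; /* op slots */ };

/* Read one big-endian XDR uint32, advancing *off; 0 on success, -1 if short. */
static int xdr_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (len < 4 || *off > len - 4)
        return -1;
    *out = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
           ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    return 0;
}

/* Decode tag (opaque<>), minorversion and the operation-array count. The count
 * is compared with the cap BEFORE it sizes an allocation. */
enum compound_status decode_compound_hdr(const uint8_t *buf, size_t len,
                                         struct compound_hdr *hdr)
{
    size_t off = 0;
    uint32_t taglen;
    hdr->ops = NULL;
    if (xdr_u32(buf, len, &off, &taglen))
        return COMPOUND_TRUNCATED;
    if (taglen > EXAMPLE_MAX_TAG)
        return COMPOUND_BAD_TAG;
    taglen = (taglen + 3u) & ~3u;          /* XDR pads opaque data to 4 bytes */
    if (taglen > len - off)
        return COMPOUND_TRUNCATED;
    off += taglen;
    if (xdr_u32(buf, len, &off, &hdr->minorversion) ||
        xdr_u32(buf, len, &off, &hdr->numops))
        return COMPOUND_TRUNCATED;
    if (hdr->numops > EXAMPLE_MAX_OPS)
        return COMPOUND_TOO_MANY_OPS;      /* untrusted count never reaches calloc */
    hdr->ops = calloc(hdr->numops ? hdr->numops : 1, sizeof(*hdr->ops));
    return hdr->ops ? COMPOUND_OK : COMPOUND_NOMEM;
}
```

The caller owns `hdr->ops` on COMPOUND_OK and must free it; on every other status it is NULL.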

Impact

Exploitation of this vulnerability causes the NFS server to hang indefinitely, disrupting normal file sharing operations.

Reproduction

The vulnerability can be reproduced with the pynfs testing tool. Its COMP6 test triggers the issue by sending a COMPOUND request that exceeds the server's capacity to handle operations, causing a memory allocation error.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.

Added: Nov 21, 2025, 11:18 AM
Updated: Nov 21, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.1
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.