Linux Kernel NFS TLS Certificate Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFS implementation has been addressed: the function nfs_match_client() did not properly validate TLS certificate fields when deciding whether an existing client could be reused. When the transport security policy is RPC_XPRTSEC_TLS_X509, the cert_serial and privkey_serial fields must also match, because they represent the client's identity to the server. Without that check, a TLS-secured NFS operation could be matched to a cached client holding a different certificate, resulting in incorrect client identification.
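To make the defect concrete, here is an added example that is not the kernel's own code: a simplified model of the client-matching decision, with the behaviour before the fix (match on address and policy only) beside the behaviour after it (when the policy is X.509 TLS, cert_serial and privkey_serial must match as well). The struct layout, the enum, the helper names and the serial values are all constructed for this illustration; only the field names and the RPC_XPRTSEC_TLS_X509 policy come from the advisory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): the transport-security parameters a client
 * carries. The kernel keeps similar fields, but this struct is constructed
 * here and is not the kernel's definition. */
enum xprtsec_policy {
    XPRTSEC_NONE,      /* no transport security */
    XPRTSEC_TLS_ANON,  /* TLS without a client certificate */
    XPRTSEC_TLS_X509,  /* TLS with an X.509 client certificate (RPC_XPRTSEC_TLS_X509) */
};

struct xprtsec_parms {
    enum xprtsec_policy policy;
    uint32_t cert_serial;     /* handle of the client certificate */
    uint32_t privkey_serial;  /* handle of the matching private key */
};

/* Minimal stand-in for a cached NFS client (constructed). */
struct nfs_client_model {
    const char *server_addr;
    struct xprtsec_parms xprtsec;
};

/* Modelled pre-fix behaviour: a cached client is reused whenever server
 * address and security policy agree, even if it holds a different cert. */
static bool match_client_vulnerable(const struct nfs_client_model *cached,
                                    const struct nfs_client_model *wanted)
{
    if (strcmp(cached->server_addr, wanted->server_addr) != 0)
        return false;
    return cached->xprtsec.policy == wanted->xprtsec.policy;
}

/* Modelled post-fix behaviour: under X.509 TLS the certificate and private
 * key serials are part of the client's identity and must match too. */
static bool match_client_fixed(const struct nfs_client_model *cached,
                               const struct nfs_client_model *wanted)
{
    if (strcmp(cached->server_addr, wanted->server_addr) != 0)
        return false;
    if (cached->xprtsec.policy != wanted->xprtsec.policy)
        return false;
    if (wanted->xprtsec.policy == XPRTSEC_TLS_X509) {
        if (cached->xprtsec.cert_serial != wanted->xprtsec.cert_serial)
            return false;
        if (cached->xprtsec.privkey_serial != wanted->xprtsec.privkey_serial)
            return false;
    }
    return true;
}

/* Constructed scenario: a second mount of the same server with a different
 * client certificate (serials are made-up handles, not real values). */
static const struct nfs_client_model cached_x509 =
    { "192.0.2.10", { XPRTSEC_TLS_X509, 1001, 2001 } };
static const struct nfs_client_model wanted_other_cert =
    { "192.0.2.10", { XPRTSEC_TLS_X509, 1002, 2002 } };
static const struct nfs_client_model wanted_same_cert =
    { "192.0.2.10", { XPRTSEC_TLS_X509, 1001, 2001 } };
static const struct nfs_client_model cached_anon =
    { "192.0.2.10", { XPRTSEC_TLS_ANON, 0, 0 } };
static const struct nfs_client_model wanted_anon =
    { "192.0.2.10", { XPRTSEC_TLS_ANON, 7, 8 } };

/* Pre-fix logic reuses the cached client despite the different certificate. */
int vulnerable_reuses_wrong_identity(void)
{
    return match_client_vulnerable(&cached_x509, &wanted_other_cert);
}

/* Post-fix logic refuses the reuse, forcing a client with the right identity. */
int fixed_rejects_wrong_identity(void)
{
    return !match_client_fixed(&cached_x509, &wanted_other_cert);
}

/* Post-fix logic still reuses a client whose identity genuinely matches. */
int fixed_matches_same_identity(void)
{
    return match_client_fixed(&cached_x509, &wanted_same_cert);
}

/* Serials only matter under X.509 TLS; other policies match as before. */
int fixed_ignores_serials_without_x509(void)
{
    return match_client_fixed(&cached_anon, &wanted_anon);
}

int main(void)
{
    printf("vulnerable match with other cert: %d\n", vulnerable_reuses_wrong_identity());
    printf("fixed match rejects other cert:   %d\n", fixed_rejects_wrong_identity());
    printf("fixed match accepts same cert:    %d\n", fixed_matches_same_identity());
    printf("fixed ignores serials for anon:   %d\n", fixed_ignores_serials_without_x509());
    return 0;
}
```

The point of the model is the third check in match_client_fixed(): under X.509 TLS, address and policy agreement are not enough to establish that two clients are the same principal, so the comparison must also cover the certificate and key the client will present.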

Impact

Because the match skipped the certificate and private-key serials, an NFS client could be associated with a cached connection established under a different client certificate, potentially misrepresenting the client's identity in NFS operations that rely on TLS for security.

Added: Dec 16, 2025, 3:54 PM
Updated: Dec 16, 2025, 3:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.