CVE-2024-46682: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open

Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into sc_status and no longer changed sc_type to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 opens that stay around and in nfs4_show_open() would dereference sc_file which was NULL. Instead, for closed open stateids forgo displaying information that relies on having a valid sc_file.

To reproduce: mount the server with 4.0, read and close a file and then on the server cat /proc/fs/nfsd/clients/2/states

[ 513.590804] Call trace:
[ 513.590925] _raw_spin_lock+0xcc/0x160
[ 513.591119] nfs4_show_open+0x78/0x2c0 [nfsd]
[ 513.591412] states_show+0x44c/0x488 [nfsd]
[ 513.591681] seq_read_iter+0x5d8/0x760
[ 513.591896] seq_read+0x188/0x208
[ 513.592075] vfs_read+0x148/0x470
[ 513.592241] ksys_read+0xcc/0x178
AI Analysis
Technical Summary
CVE-2024-46682 is a vulnerability in the Linux kernel's NFS server (nfsd) in the handling of NFSv4.0 open state identifiers (stateids). It stems from commit 3f29cc82a84c, which split a separate sc_status field out of sc_type in the kernel's internal stateid structure. Before that commit, states_show() relied on sc_type being valid before calling the subfunction that displays a given stateid, and unhashing a stateid reset sc_type to 0, so a closed stateid was never handed to the display code. After the commit, sc_type is no longer reset during unhashing, so a closed NFSv4.0 open stateid that is still around is passed to nfs4_show_open(), which dereferences its sc_file pointer, by then NULL. The result is a kernel oops (reported as a panic) when the server's per-client state file is read; in the reproduction this is /proc/fs/nfsd/clients/2/states, where 2 is the client id. The trigger sequence is: mount the server with NFSv4.0, read and close a file, then read the state file on the server. The root cause is that closed open stateids no longer have a valid sc_file pointer and the display path did not account for that, leading to a NULL pointer dereference. The fix skips, for closed open stateids, the fields that require a valid sc_file, so the read completes without a panic. Affected kernels are those containing the commit above that serve NFSv4.0 clients. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
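The following userspace model, added here as an illustration and not taken from the kernel or from the page, puts the pre-fix and post-fix display logic side by side. The field names sc_type, sc_status and sc_file and the function names states_show/nfs4_show_open are from the advisory; the flag values SC_TYPE_OPEN and SC_STATUS_CLOSED, the nfs4_file layout, the return codes, the helper names show_open_unfixed, show_open_fixed and make_closed_open_stateid, and the sample path are assumptions made for this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Simplified userspace model of the nfsd stateid display path described in
 * the advisory. The field names sc_type, sc_status and sc_file come from the
 * page; the flag values, the nfs4_file layout, the return codes and the
 * function names are constructed for this illustration and are not the
 * kernel's own definitions. */

enum { SC_TYPE_OPEN = 1 };           /* constructed: "this stateid is an open" */
enum { SC_STATUS_CLOSED = 1 << 0 };  /* constructed: validity bit split out of sc_type */

struct nfs4_file {
    char fi_name[64];                /* stand-in for data reached through sc_file */
};

struct nfs4_stid {
    unsigned char sc_type;           /* kind of stateid (open, lock, ...) */
    unsigned char sc_status;         /* validity flags, separate from sc_type */
    struct nfs4_file *sc_file;       /* NULL once the open has been closed */
};

/* Model of the pre-fix behaviour: trusts sc_type alone and then reaches
 * through sc_file. Instead of crashing, it returns -1 where the kernel
 * path would have dereferenced NULL (the oops in the call trace above),
 * so the two variants can be compared side by side. */
int show_open_unfixed(const struct nfs4_stid *st, char *out, size_t len)
{
    if (st->sc_type != SC_TYPE_OPEN) {
        snprintf(out, len, "not an open stateid");
        return -2;
    }
    if (st->sc_file == NULL) {
        /* The real code locks the file through sc_file here; with sc_file
         * NULL that is the _raw_spin_lock frame at the top of the trace. */
        snprintf(out, len, "would dereference NULL sc_file");
        return -1;
    }
    snprintf(out, len, "type: open, file: %s", st->sc_file->fi_name);
    return 0;
}

/* Model of the fixed behaviour: for a closed open stateid, skip every
 * field that needs a valid sc_file and emit a "closed" marker instead.
 * Checking the pointer as well as the status bit keeps the function safe
 * even if the two ever disagree. */
int show_open_fixed(const struct nfs4_stid *st, char *out, size_t len)
{
    if (st->sc_type != SC_TYPE_OPEN) {
        snprintf(out, len, "not an open stateid");
        return -2;
    }
    if ((st->sc_status & SC_STATUS_CLOSED) || st->sc_file == NULL) {
        snprintf(out, len, "type: open, closed");
        return 0;
    }
    snprintf(out, len, "type: open, file: %s", st->sc_file->fi_name);
    return 0;
}

/* Constructed scenario matching the reproduction: an NFSv4.0 open that the
 * client has closed. After the sc_status split, sc_type still says "open"
 * while the stateid has been unhashed and its sc_file dropped. */
void make_closed_open_stateid(struct nfs4_stid *st)
{
    st->sc_type = SC_TYPE_OPEN;
    st->sc_status = SC_STATUS_CLOSED;
    st->sc_file = NULL;
}

int main(void)
{
    struct nfs4_file f = { "/export/data/report.txt" };   /* constructed path */
    struct nfs4_stid live = { SC_TYPE_OPEN, 0, &f };
    struct nfs4_stid closed;
    char buf[128];
    int rc;

    make_closed_open_stateid(&closed);

    rc = show_open_unfixed(&live, buf, sizeof buf);
    printf("live,   unfixed: rc=%d  %s\n", rc, buf);
    rc = show_open_unfixed(&closed, buf, sizeof buf);
    printf("closed, unfixed: rc=%d  %s\n", rc, buf);
    rc = show_open_fixed(&closed, buf, sizeof buf);
    printf("closed, fixed:   rc=%d  %s\n", rc, buf);
    return 0;
}
```

The unfixed variant shows why a type check alone is not enough once validity lives in a separate field: sc_type still reads "open" for a closed stateid, so the only thing standing between the display path and a NULL dereference is whether it consults sc_status (or the pointer itself) first.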
Potential Impact
For European organizations relying on Linux-based NFSv4.0 servers, this vulnerability can cause denial of service (DoS) conditions due to kernel panics triggered by local or potentially remote queries of NFS client state information. The impact primarily affects availability, as the kernel panic will crash the NFS server, disrupting file sharing services critical for enterprise operations, data centers, and cloud infrastructure. Confidentiality and integrity impacts are minimal since the vulnerability does not allow privilege escalation or unauthorized data access directly. However, the resulting service outages could impact business continuity and operational efficiency. Organizations with heavy reliance on NFS for file storage, especially in sectors like finance, manufacturing, research, and government, may experience significant disruption. The vulnerability requires specific conditions to trigger (NFSv4.0 usage, reading and closing files, and querying state info), so the attack surface is somewhat limited but still relevant for environments using this protocol version. The lack of known exploits reduces immediate risk but does not eliminate the threat of exploitation by skilled attackers or accidental triggering by system administrators.
Mitigation Recommendations
1. Apply the official Linux kernel patch that addresses CVE-2024-46682 as soon as it becomes available to prevent kernel panics caused by this vulnerability.
2. If patching is not immediately possible, consider disabling or limiting access to the /proc/fs/nfsd/clients/*/states interface to trusted administrators only, reducing the risk of accidental or malicious triggering.
3. Monitor kernel logs and system stability closely for signs of unexpected panics related to nfsd, especially after NFSv4.0 file operations.
4. Review and restrict NFSv4.0 usage where feasible, potentially migrating to NFSv4.1 or later versions that may not be affected.
5. Implement robust system monitoring and alerting to detect and respond quickly to service disruptions caused by kernel panics.
6. Educate system administrators about the vulnerability and safe handling of NFS client state information to avoid inadvertent triggering.
7. Employ kernel live patching solutions if available to apply fixes without downtime in critical environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.248Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0f92
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 12:11:40 AM
Last updated: 8/11/2025, 3:40:32 AM
Views: 10