CVE-2024-53167

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 27/12/2024
Last modified: 08/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nfs/blocklayout: Don't attempt unregister for invalid block device

Since commit d869da91cccb ("nfs/blocklayout: Fix premature PR key unregistration") an unmount of a pNFS SCSI layout-enabled NFS may dereference a NULL block_device in:

    bl_unregister_scsi+0x16/0xe0 [blocklayoutdriver]
    bl_free_device+0x70/0x80 [blocklayoutdriver]
    bl_free_deviceid_node+0x12/0x30 [blocklayoutdriver]
    nfs4_put_deviceid_node+0x60/0xc0 [nfsv4]
    nfs4_deviceid_purge_client+0x132/0x190 [nfsv4]
    unset_pnfs_layoutdriver+0x59/0x60 [nfsv4]
    nfs4_destroy_server+0x36/0x70 [nfsv4]
    nfs_free_server+0x23/0xe0 [nfs]
    deactivate_locked_super+0x30/0xb0
    cleanup_mnt+0xba/0x150
    task_work_run+0x59/0x90
    syscall_exit_to_user_mode+0x217/0x220
    do_syscall_64+0x8e/0x160

This happens because even though we were able to create the nfs4_deviceid_node, the lookup for the device was unable to attach the block device to the pnfs_block_dev.

If we never found a block device to register, we can avoid this case with the PNFS_BDEV_REGISTERED flag. Move the deref behind the test for the flag.
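The ordering problem the description refers to, shown as an added user-space model that is not the kernel's code or the upstream patch. The `*_model` structs, `fake_pr_register`, and both function names are simplified stand-ins assumed for illustration; only `PNFS_BDEV_REGISTERED` and the idea of a NULL block device on a `pnfs_block_dev` come from the description.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified user-space stand-ins (assumptions), not the kernel definitions. */
#define PNFS_BDEV_REGISTERED 0x1UL

struct pr_ops_model { int (*pr_register)(void *bdev); };
struct block_device_model { const struct pr_ops_model *pr_ops; };
struct pnfs_block_dev_model {
    struct block_device_model *bdev; /* NULL when the lookup attached nothing */
    unsigned long flags;
};

static int unregister_calls;
static int fake_pr_register(void *bdev) { (void)bdev; unregister_calls++; return 0; }

/* Pre-fix shape: bdev is dereferenced before the flag is tested, so a device
 * whose bdev is NULL faults here even though it was never registered. */
int unregister_before_fix(struct pnfs_block_dev_model *dev)
{
    const struct pr_ops_model *ops = dev->bdev->pr_ops; /* NULL deref if no bdev */
    if (!(dev->flags & PNFS_BDEV_REGISTERED))
        return 0;
    dev->flags &= ~PNFS_BDEV_REGISTERED;
    ops->pr_register(dev->bdev);
    return 1;
}

/* Post-fix shape: test the flag first; bdev is only touched for devices that
 * were actually registered, which implies a block device was found. */
int unregister_after_fix(struct pnfs_block_dev_model *dev)
{
    if (!(dev->flags & PNFS_BDEV_REGISTERED))
        return 0;                     /* never registered: bdev is not read */
    dev->flags &= ~PNFS_BDEV_REGISTERED;
    dev->bdev->pr_ops->pr_register(dev->bdev);
    return 1;
}

int main(void)
{
    struct pr_ops_model ops = { fake_pr_register };
    struct block_device_model bd = { &ops };
    struct pnfs_block_dev_model orphan = { NULL, 0 };          /* constructed */
    struct pnfs_block_dev_model good = { &bd, PNFS_BDEV_REGISTERED };
    printf("no bdev, after fix: %d\n", unregister_after_fix(&orphan));
    printf("registered, after fix: %d\n", unregister_after_fix(&good));
    return 0;
}
```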

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12 (including) | 6.12.2 (excluding)