CVE-2024-57928
Published: 19 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix enomem handling in buffered reads

If netfs_read_to_pagecache() gets an error from either ->prepare_read() or from netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuing loop. Currently, it only does this for two of the cases, but there are two more that aren't handled.

Fix this by moving the handling to a common place and jumping to it from all four places. This is in preference to inserting a wrapper around netfs_prepare_read_iterator() as proposed by Dmitry Antipov[1].
Security Summary
CVE-2024-57928 is a vulnerability in the Linux kernel's netfs (network filesystem) subsystem, specifically affecting buffered read operations in the netfs_read_to_pagecache() function. The issue stems from incomplete error handling for ENOMEM conditions returned by ->prepare_read() or netfs_prepare_read_iterator(). In some cases, the function fails to decrement the ->nr_outstanding counter, cancel the subrequest, and exit the issuing loop properly, leading to potential out-of-bounds reads (CWE-125). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges (PR:L) can exploit this flaw by triggering buffered reads in netfs, potentially causing high confidentiality impact through information disclosure via out-of-bounds reads and high availability impact, such as denial of service from resource exhaustion or crashes. No user interaction is required, and the attack is straightforward given low attack complexity.
Mitigation involves applying the relevant Linux kernel patches, available in the following stable commit references: https://git.kernel.org/stable/c/105549d09a539a876b7c3330ab52d8aceedad358 and https://git.kernel.org/stable/c/88ecdfea1b333de5c51442b45cd549eeadf01852. These commits centralize the ENOMEM handling logic to ensure proper cleanup across all affected code paths. Security practitioners should update affected kernel versions promptly.
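The cleanup pattern described above, as an added example that is not the kernel's code and not part of this advisory: a userspace C model showing how the outstanding count stays non-zero when only two of four error paths clean up, and how one common cancel path closes the gap. The names struct rreq, step(), cancel_subreq(), leaked() and the numbering of the four failure sites are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace model of the issuing loop; constructed, not kernel source. */
struct rreq { int nr_outstanding; int cancelled; };
/* Hypothetical preparation step: the site equal to fail_at returns -ENOMEM. */
static int step(int site, int fail_at) { return site == fail_at ? -ENOMEM : 0; }
static void cancel_subreq(struct rreq *r) { r->nr_outstanding--; r->cancelled++; }

/* "Before" shape: only two of the four failure sites undo the accounting. */
static int issue_before(struct rreq *r, int fail_at) {
    int ret;
    for (int i = 0; i < 3; i++) {
        r->nr_outstanding++;                /* subrequest is now outstanding */
        if ((ret = step(1, fail_at)) < 0) { cancel_subreq(r); return ret; }
        if ((ret = step(2, fail_at)) < 0) { cancel_subreq(r); return ret; }
        if ((ret = step(3, fail_at)) < 0) return ret;  /* count never dropped */
        if ((ret = step(4, fail_at)) < 0) return ret;  /* count never dropped */
        r->nr_outstanding--;                /* model: subrequest completed */
    }
    return 0;
}

/* "After" shape: all four sites jump to one common cancel path. */
static int issue_after(struct rreq *r, int fail_at) {
    int ret = 0;
    for (int i = 0; i < 3; i++) {
        r->nr_outstanding++;
        if ((ret = step(1, fail_at)) < 0) goto cancel;
        if ((ret = step(2, fail_at)) < 0) goto cancel;
        if ((ret = step(3, fail_at)) < 0) goto cancel;
        if ((ret = step(4, fail_at)) < 0) goto cancel;
        r->nr_outstanding--;
        continue;
cancel:
        cancel_subreq(r);                   /* decrement and cancel ... */
        break;                              /* ... then stop issuing */
    }
    return ret;
}

/* Outstanding count left behind after a run that fails at site fail_at. */
static int leaked(int (*issue)(struct rreq *, int), int fail_at) {
    struct rreq r = {0, 0};
    issue(&r, fail_at);
    return r.nr_outstanding;
}
int main(void) {
    for (int s = 1; s <= 4; s++)
        printf("site %d: before=%d after=%d\n", s, leaked(issue_before, s), leaked(issue_after, s));
}
```

A non-zero value from leaked() is the model's equivalent of a request that never sees its outstanding count reach zero.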
Details
- CWE(s)