)]}'
{
  "commit": "ee966a6b584adbdfa0b208564e9c69b1828511f3",
  "tree": "6dbe22310a867c59f2d4c854d9cdb9906cba0968",
  "parents": [
    "e3a5df144bd6678df0da60b1c97765fd02aa06c0"
  ],
  "author": {
    "name": "Trond Myklebust",
    "email": "trond.myklebust@hammerspace.com",
    "time": "Fri Nov 08 12:13:31 2024 -0500"
  },
  "committer": {
    "name": "Shuo Yang",
    "email": "gshuoy@google.com",
    "time": "Thu Jan 16 22:04:20 2025 -0800"
  },
  "message": "NFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\n[ Upstream commit 2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889 ]\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.\n\nBUG\u003db/390131656\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed CVE-2024-53173 in the Linux kernel.\n\ncos-patch: security-high\nReported-by: Yang Erkun \u003cyangerkun@huawei.com\u003e\nFixes: 24ac23ab88df (\"NFSv4: Convert open() into an asynchronous RPC call\")\nReviewed-by: Yang Erkun \u003cyangerkun@huawei.com\u003e\nChange-Id: I585896b8e2c1694f8e516ab3172a078c706fec6f\nSigned-off-by: Trond Myklebust \u003ctrond.myklebust@hammerspace.com\u003e\nSigned-off-by: Sasha Levin \u003csashal@kernel.org\u003e\nSigned-off-by: Kernel CVE Triage Automation \u003ccloud-image-kernel-cve-triage-automation@prod.google.com\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/90682\nReviewed-by: Shuo Yang \u003cgshuoy@google.com\u003e\nReviewed-by: Kevin Berry \u003ckpberry@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "299ea2b86df668c0fe17ac0ea5438d6b4d5bab72",
      "old_mode": 33188,
      "old_path": "fs/nfs/nfs4proc.c",
      "new_id": "4b12e45f575394ad7a8b32c80fbd11e6d4b87720",
      "new_mode": 33188,
      "new_path": "fs/nfs/nfs4proc.c"
    }
  ]
}