CVE-2021-47316

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870	Patch
https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8	Patch
https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d	Patch
https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870	Patch
https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8	Patch
https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-05-21 15:15

Updated : 2024-12-24 16:28

NVD link : CVE-2021-47316

Mitre link : CVE-2021-47316

CVE.ORG link : CVE-2021-47316

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2021-47316", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:18.940", "references": [{"url": "https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix NULL dereference in nfs3svc_encode_getaclres\n\nIn error cases the dentry may be NULL.\n\nBefore 20798dfe249a, the encoder also checked dentry and\nd_really_is_positive(dentry), but that looks like overkill to me--zero\nstatus should be enough to guarantee a positive dentry.\n\nThis isn't the first time we've seen an error-case NULL dereference\nhidden in the initialization of a local variable in an xdr encoder. But\nI went back through the other recent rewrites and didn't spot any\nsimilar bugs."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige la desreferencia NULL en nfs3svc_encode_getaclres. En casos de error, la dentry puede ser NULL. Antes de 20798dfe249a, el codificador tambi\u00e9n verificaba dentry y d_really_is_positive(dentry), pero eso me parece excesivo: el estado cero deber\u00eda ser suficiente para garantizar un dentry positivo. Esta no es la primera vez que vemos una desreferencia NULL de caso de error oculta en la inicializaci\u00f3n de una variable local en un codificador xdr. Pero revis\u00e9 las otras reescrituras recientes y no encontr\u00e9 ning\u00fan error similar."}], "lastModified": "2024-12-24T16:28:58.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A", "versionEndExcluding": "5.13.4", "versionStartIncluding": "5.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}