Vulnerability Description
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.11.0, < 5.12.19 |
| Netapp | Hci Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Element Software | - |
| Netapp | Hci Storage Node | - |
Related Weaknesses (CWE)
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Mailing ListPatchVendor Advisory
- https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Mailing ListPatchVendor Advisory
- https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
FAQ
What is CVE-2021-38201?
CVE-2021-38201 is a vulnerability with a CVSS score of 7.5 (HIGH). net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
How severe is CVE-2021-38201?
CVE-2021-38201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38201?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Bootstrap Os, Netapp Hci Compute Node, Netapp Hci Management Node, Netapp Solidfire.