Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.13, < 5.13.4 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870Patch
- https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8Patch
- https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8dPatch
- https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870Patch
- https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8Patch
- https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8dPatch
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
FAQ
What is CVE-2021-47316?
CVE-2021-47316 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder al...
How severe is CVE-2021-47316?
CVE-2021-47316 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47316?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.