CVE-2021-47168
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: fix an incorrect limit in filelayout_decode_layout()
The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer.
I reversed the size of the arguments to put the variable on the left.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < 9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040 | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1 | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < f299522eda1566cbfbae4b15c82970fc41b03714 | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < 945ebef997227ca8c20bad7f8a8358c8ee57a84a | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < e411df81cd862ef3d5b878120b2a2fef0ca9cdb1 | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < 9b367fe770b1b80d7bf64ed0d177544a44405f6e | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < d34fb628f6ef522f996205a9e578216bbee09e84 | affected |
| Linux | Linux | 16b374ca439fb406e46e071f75428f5b033056f8 < 769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 | affected |
| Linux | Linux | 2.6.37 | affected |
| Linux | Linux | 0 < 2.6.37 | unaffected |
| Linux | Linux | 4.4.271 <= 4.4.* | unaffected |
| Linux | Linux | 4.9.271 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.235 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.193 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.124 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.42 <= 5.10.* | unaffected |
| Linux | Linux | 5.12.9 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
- https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
- https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
- https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
- https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
- https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
- https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84
- https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
- https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
- https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
- https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
- https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
- https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
- https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84
- https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.