CVE-2021-47168

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFS: fix an incorrect limit in filelayout_decode_layout()

The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer.

I reversed the size of the arguments to put the variable on the left.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < 9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040affected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1affected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < f299522eda1566cbfbae4b15c82970fc41b03714affected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < 945ebef997227ca8c20bad7f8a8358c8ee57a84aaffected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < e411df81cd862ef3d5b878120b2a2fef0ca9cdb1affected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < 9b367fe770b1b80d7bf64ed0d177544a44405f6eaffected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < d34fb628f6ef522f996205a9e578216bbee09e84affected
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8 < 769b01ea68b6c49dc3cde6adf7e53927dacbd3a8affected
LinuxLinux2.6.37affected
LinuxLinux0 < 2.6.37unaffected
LinuxLinux4.4.271 <= 4.4.*unaffected
LinuxLinux4.9.271 <= 4.9.*unaffected
LinuxLinux4.14.235 <= 4.14.*unaffected
LinuxLinux4.19.193 <= 4.19.*unaffected
LinuxLinux5.4.124 <= 5.4.*unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References