CVE-2021-47316

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In error cases the dentry may be NULL.

Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me–zero status should be enough to guarantee a positive dentry.

This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd505e66191072748620fc0af038cea4e4da0e3cd < e79057d15d96ef19de4de6d7e479bae3d58a2a8daffected
LinuxLinux20798dfe249a01ad1b12eec7dbc572db5003244a < 650e6f383a6eb40f7c0a010982a74ab4b6893870affected
LinuxLinux20798dfe249a01ad1b12eec7dbc572db5003244a < ab1016d39cc052064e32f25ad18ef8767a0ee3b8affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.13.4 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References