FKIE_CVE-2021-47316

Vulnerability from fkie_nvd - Published: 2024-05-21 15:15 - Updated: 2024-12-24 16:28
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8dPatch
Impacted products
Vendor Product Version
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A",
              "versionEndExcluding": "5.13.4",
              "versionStartIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix NULL dereference in nfs3svc_encode_getaclres\n\nIn error cases the dentry may be NULL.\n\nBefore 20798dfe249a, the encoder also checked dentry and\nd_really_is_positive(dentry), but that looks like overkill to me--zero\nstatus should be enough to guarantee a positive dentry.\n\nThis isn\u0027t the first time we\u0027ve seen an error-case NULL dereference\nhidden in the initialization of a local variable in an xdr encoder.  But\nI went back through the other recent rewrites and didn\u0027t spot any\nsimilar bugs."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige la desreferencia NULL en nfs3svc_encode_getaclres. En casos de error, la dentry puede ser NULL. Antes de 20798dfe249a, el codificador tambi\u00e9n verificaba dentry y d_really_is_positive(dentry), pero eso me parece excesivo: el estado cero deber\u00eda ser suficiente para garantizar un dentry positivo. Esta no es la primera vez que vemos una desreferencia NULL de caso de error oculta en la inicializaci\u00f3n de una variable local en un codificador xdr. Pero revis\u00e9 las otras reescrituras recientes y no encontr\u00e9 ning\u00fan error similar."
    }
  ],
  "id": "CVE-2021-47316",
  "lastModified": "2024-12-24T16:28:58.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T15:15:18.940",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.