CVE-2021-38199
Ubuntu Security Notice USN-5091-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuración de la conexión, que permite a operadores de servidores NFSv4 remotos causar una denegación de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detección de trunking
It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-08 CVE Reserved
- 2021-08-08 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210902-0010 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | 2021-12-21 | |
| https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c | 2021-12-21 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2021/dsa-4978 | 2021-12-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Hci Bootstrap Os Search vendor "Netapp" for product "Hci Bootstrap Os" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Storage Node Search vendor "Netapp" for product "Hci Storage Node" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.13.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13.4" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||