CVE-2021-47167

NFS: Fix an Oopsable condition in __nfs_pageio_add_request()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,
so that the structure reflects the fact that it is now empty.
Also change the test in nfs_pageio_do_add_request() to be more robust by
checking whether or not the list is empty rather than relying on the
value of pg_count.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFS: corrija una condición de Oopsable en __nfs_pageio_add_request() Asegúrese de que nfs_pageio_error_cleanup() restablezca el contenido de la matriz reflejada, de modo que la estructura refleje el hecho de que ahora está vacía. También cambie la prueba en nfs_pageio_do_add_request() para que sea más sólida verificando si la lista está vacía o no en lugar de confiar en el valor de pg_count.

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-25 CVE Reserved
2024-03-25 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/a7d42ddb3099727f58366fa006f850a219cce6c8	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e	2021-06-03
https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101	2021-06-03
https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490	2021-06-03
https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb	2021-05-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.4.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.13"		en		Affected