CVE-2021-47179

NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call
pnfs_mark_matching_lsegs_return() passing NULL as the struct
pnfs_layout_range argument. Unfortunately,
pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic
tests on NFS v4.1/v4.2 against Ontap.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4: corrige una desreferencia de puntero NULL en pnfs_mark_matching_lsegs_return(). Confirme los cambios de144ff4234f _pnfs_return_layout() para llamar a pnfs_mark_matching_lsegs_return() pasando NULL como argumento de estructura pnfs_layout_range. Desafortunadamente, pnfs_mark_matching_lsegs_return() no verifica si tenemos un valor aquí antes de eliminar la referencia a él, lo que provoca un error. Puedo alcanzar este bloqueo de manera consistente cuando ejecuto pruebas básicas de Connectathon en NFS v4.1/v4.2 contra Ontap.

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-25 CVE Reserved
2024-03-25 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/80e34f4957ec3010c85f9bb0b568a8d46acdf535	Vuln. Introduced
https://git.kernel.org/stable/c/7b7b9774643220e53eef58c15bb29bd4182fe053	Vuln. Introduced
https://git.kernel.org/stable/c/9ffa7967f9379a0a1b924e9ffeda709d72237da7	Vuln. Introduced
https://git.kernel.org/stable/c/6be0e4b59314e4a836495f6ffdc5d2c5b079deeb	Vuln. Introduced
https://git.kernel.org/stable/c/2fafe7d5047f98791afd9a1d90d2afb70debc590	Vuln. Introduced
https://git.kernel.org/stable/c/7e65ea887d0c0997f3053acd91a027af45e71c5b	Vuln. Introduced
https://git.kernel.org/stable/c/96260bde1ea8ae31a5402fe506abbb8951d5a42c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42	2021-06-03
https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48	2021-06-03
https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494	2021-06-03
https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb	2021-06-03
https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53	2021-06-03
https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a	2021-06-03
https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb	2021-05-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.269 < 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.269 < 4.9.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.233 < 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.233 < 4.14.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.191 < 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.191 < 4.19.193"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.118 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.118 < 5.4.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.36 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.36 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12.3 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12.3 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.11.20 Search vendor "Linux" for product "Linux Kernel" and version "5.11.20"		en		Affected