
CVE-2021-47179

NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()

Commit de144ff4234f changes _pnfs_return_layout() to call
pnfs_mark_matching_lsegs_return() passing NULL as the struct
pnfs_layout_range argument. Unfortunately,
pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
before dereferencing it, causing an oops.

I'm able to hit this crash consistently when running connectathon basic
tests on NFS v4.1/v4.2 against Ontap.


*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-25 CVE Reserved
  • 2024-03-25 CVE Published
  • 2024-05-17 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Linux | Linux Kernel | >= 4.9.269 < 4.9.271 | en | Affected |
| Linux | Linux Kernel | >= 4.14.233 < 4.14.235 | en | Affected |
| Linux | Linux Kernel | >= 4.19.191 < 4.19.193 | en | Affected |
| Linux | Linux Kernel | >= 5.4.118 < 5.4.124 | en | Affected |
| Linux | Linux Kernel | >= 5.10.36 < 5.10.42 | en | Affected |
| Linux | Linux Kernel | >= 5.12.3 < 5.12.9 | en | Affected |
| Linux | Linux Kernel | 5.11.20 | en | Affected |