CVE-2021-47307

cifs: prevent NULL deref in cifs_compose_mount_options()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent NULL deref in cifs_compose_mount_options()

The optional @ref parameter might contain an NULL node_name, so
prevent dereferencing it in cifs_compose_mount_options().

Addresses-Coverity: 1476408 ("Explicit null dereferenced")

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de nodo NULL, por lo que se debe evitar eliminar la referencia a él en cifs_compose_mount_options(). Direcciones-Cobertura: 1476408 ("Nulo explícito desreferenciado")

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759	2021-07-25
https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796	2021-07-25
https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d	2021-07-25
https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306	2021-07-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.135 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.53 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.53"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13.5 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.14 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14"		en		Affected