CVE-2021-47507
nfsd: Fix nsfd startup race (again)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix nsfd startup race (again)
Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first")
has re-opened rpc_pipefs_event() race against nfsd_net_id registration
(register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76
("nfsd: fix nsfd startup race triggering BUG_ON").
Restore the order of register_pernet_subsys() vs register_cld_notifier().
Add WARN_ON() to prevent a future regression.
Crash info:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000012
CPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... #1
pc : rpc_pipefs_event+0x54/0x120 [nfsd]
lr : rpc_pipefs_event+0x48/0x120 [nfsd]
Call trace:
rpc_pipefs_event+0x54/0x120 [nfsd]
blocking_notifier_call_chain
rpc_fill_super
get_tree_keyed
rpc_fs_get_tree
vfs_get_tree
do_mount
ksys_mount
__arm64_sys_mount
el0_svc_handler
el0_svc
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige la ejecución de inicio de nsfd (nuevamente) El commit bd5ae9288d64 ("nfsd: registre las operaciones de pernet al final, anule el registro primero") ha reabierto la ejecución de rpc_pipefs_event() contra el registro de nfsd_net_id (register_pernet_subsys( )) que se ha solucionado mediante el commit bb7ffbf29e76 ("nfsd: arreglar la ejecución de inicio de nsfd que activa BUG_ON"). Restaure el orden de Register_pernet_subsys() frente a Register_cld_notifier(). Agregue WARN_ON() para evitar una regresión futura. Información de falla: no se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0000000000000012 CPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... #1 pc: rpc_pipefs_event+0x54/0x120 [nfsd] lr: rpc_pipefs_event+0x48/ 0x120 [nfsd] Rastreo de llamadas: rpc_pipefs_event+0x54/0x120 [nfsd] blocking_notifier_call_chain rpc_fill_super get_tree_keyed rpc_fs_get_tree vfs_get_tree do_mount ksys_mount __arm64_sys_mount el0_svc_handler el0_svc
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-22 CVE Reserved
- 2024-05-24 CVE Published
- 2024-05-25 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/8677e99150b0830d29cc1318b4cc559e176940bb | Vuln. Introduced | |
| https://git.kernel.org/stable/c/7c7cb07d4affcf41749234fe9dc4d90cd3959e32 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/bd5ae9288d6451bd346a1b4a59d4fe7e62ba29b7 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/4d41f65efeec0a6da6088341203c81e49ebfcd90 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.102 < 5.4.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.102 < 5.4.165" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.20 < 5.10.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.20 < 5.10.85" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 5.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.16" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11.3 Search vendor "Linux" for product "Linux Kernel" and version "5.11.3" | en |
Affected
| ||||||