CVE-2021-47168: NFS: fix an incorrect limit in filelayout_decode_layout()
First published: Mon Mar 25 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=2.6.37<4.4.271 | |
| Linux Kernel | >=4.5<4.9.271 | |
| Linux Kernel | >=4.10<4.14.235 | |
| Linux Kernel | >=4.15<4.19.193 | |
| Linux Kernel | >=4.20<5.4.124 | |
| Linux Kernel | >=5.5<5.10.42 | |
| Linux Kernel | >=5.11<5.12.9 | |
| Linux Kernel | =5.13-rc1 | |
| Linux Kernel | =5.13-rc2 | |
| Linux Kernel | =5.13-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
- https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
- https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
- https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
- https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
- https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
- https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84
- https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
Frequently Asked Questions
What is the severity of CVE-2021-47168?
CVE-2021-47168 has been classified as a medium severity vulnerability due to the potential for memory corruption.
How do I fix CVE-2021-47168?
To fix CVE-2021-47168, update the Linux kernel to a version that includes the patch addressing the incorrect limit in filelayout_decode_layout().
What systems are affected by CVE-2021-47168?
CVE-2021-47168 affects multiple versions of the Linux kernel, specifically versions between 2.6.37 and up to 5.13-rc3.
What type of vulnerability is CVE-2021-47168?
CVE-2021-47168 is a memory corruption vulnerability within the NFS subsystem of the Linux kernel.
What are the risks of CVE-2021-47168?
The risks associated with CVE-2021-47168 include potential crashes or unauthorized access to sensitive data due to memory corruption.
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/softwarecombine
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.37
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.13-rc1
- version/linux kernel/5.13-rc2
- version/linux kernel/5.13-rc3