CVE-2021-47179 NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()

2024-03-2509:16:28

Linux

www.cve.org

nfsv4

pointer dereference

linux kernel

vulnerability

ontap

connectathon

null

cve-2021-47179

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()

Commit de144ff4234f changes _pnfs_return_layout() to call
pnfs_mark_matching_lsegs_return() passing NULL as the struct
pnfs_layout_range argument. Unfortunately,
pnfs_mark_matching_lsegs_return() doesn’t check if we have a value here
before dereferencing it, causing an oops.

I’m able to hit this crash consistently when running connectathon basic
tests on NFS v4.1/v4.2 against Ontap.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfs/pnfs.c"
    ],
    "versions": [
      {
        "version": "80e34f4957ec",
        "lessThan": "4e1ba532dbc1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7b7b97746432",
        "lessThan": "42637ca25c7d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ffa7967f937",
        "lessThan": "39785761fead",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6be0e4b59314",
        "lessThan": "aba3c7795f51",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2fafe7d5047f",
        "lessThan": "f9890652185b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7e65ea887d0c",
        "lessThan": "b090d110e666",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "de144ff4234f",
        "lessThan": "a421d218603f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfs/pnfs.c"
    ],
    "versions": [
      {
        "version": "4.9.269",
        "lessThan": "4.9.271",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.14.233",
        "lessThan": "4.14.235",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.19.191",
        "lessThan": "4.19.193",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.4.118",
        "lessThan": "5.4.124",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.10.36",
        "lessThan": "5.10.42",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.12.3",
        "lessThan": "5.12.9",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]