In the Linux kernel, the following vulnerability has been resolved: nfsd:
fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry
may be NULL. Before 20798dfe249a, the encoder also checked dentry and
d_really_is_positive(dentry), but that looks like overkill to me–zero
status should be enough to guarantee a positive dentry. This isn’t the
first time we’ve seen an error-case NULL dereference hidden in the
initialization of a local variable in an xdr encoder. But I went back
through the other recent rewrites and didn’t spot any similar bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/ab1016d39cc052064e32f25ad18ef8767a0ee3b8 (5.14-rc1)
git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870
git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8
launchpad.net/bugs/cve/CVE-2021-47316
nvd.nist.gov/vuln/detail/CVE-2021-47316
security-tracker.debian.org/tracker/CVE-2021-47316
www.cve.org/CVERecord?id=CVE-2021-47316