CVE-2021-47179

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494	Patch
https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48	Patch
https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42	Patch
https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb	Patch
https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb	Patch
https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a	Patch
https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-03-25 10:15

Updated : 2024-05-16 21:20

NVD link : CVE-2021-47179

Mitre link : CVE-2021-47179

CVE.ORG link : CVE-2021-47179

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2021-47179", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-25T10:15:09.317", "references": [{"url": "https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()\n\nCommit de144ff4234f changes _pnfs_return_layout() to call\npnfs_mark_matching_lsegs_return() passing NULL as the struct\npnfs_layout_range argument. Unfortunately,\npnfs_mark_matching_lsegs_return() doesn't check if we have a value here\nbefore dereferencing it, causing an oops.\n\nI'm able to hit this crash consistently when running connectathon basic\ntests on NFS v4.1/v4.2 against Ontap."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4: corrige una desreferencia de puntero NULL en pnfs_mark_matching_lsegs_return(). Confirme los cambios de144ff4234f _pnfs_return_layout() para llamar a pnfs_mark_matching_lsegs_return() pasando NULL como argumento de estructura pnfs_layout_range. Desafortunadamente, pnfs_mark_matching_lsegs_return() no verifica si tenemos un valor aqu\u00ed antes de eliminar la referencia a \u00e9l, lo que provoca un error. Puedo alcanzar este bloqueo de manera consistente cuando ejecuto pruebas b\u00e1sicas de Connectathon en NFS v4.1/v4.2 contra Ontap."}], "lastModified": "2024-05-16T21:20:28.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "498E5552-CBDA-4FE4-8844-EE7D575C9F35", "versionEndExcluding": "4.9.271", "versionStartIncluding": "4.9.269"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F80A9838-744C-4554-8CCE-B87128CC7170", "versionEndExcluding": "4.14.235", "versionStartIncluding": "4.14.233"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE4BABC9-D544-4D14-BF94-5E999CDF4847", "versionEndExcluding": "4.19.193", "versionStartIncluding": "4.19.191"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255B5502-D9A3-44BD-9B79-7C957CA4B62B", "versionEndExcluding": "5.4.124", "versionStartIncluding": "5.4.118"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAF8C28F-086A-4EC2-A931-2237C11F5F54", "versionEndExcluding": "5.10.42", "versionStartIncluding": "5.10.36"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "148AD795-DE39-4B4E-BDFF-D6A492C22C4C", "versionEndExcluding": "5.12.9", "versionStartIncluding": "5.12.3"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}