nfsd: fix NULL dereference in nfs3svc_encode_getaclres
Summary
| CVE | CVE-2021-47316 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-05-21 15:15:18 UTC |
| Updated | 2026-05-12 10:16:37 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.000550000 probability, percentile 0.171670000 (date 2026-05-12)
Problem Types: CWE-476
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected d505e66191072748620fc0af038cea4e4da0e3cd e79057d15d96ef19de4de6d7e479bae3d58a2a8d git | Not specified |
| CNA | Linux | Linux | affected 20798dfe249a01ad1b12eec7dbc572db5003244a 650e6f383a6eb40f7c0a010982a74ab4b6893870 git | Not specified |
| CNA | Linux | Linux | affected 20798dfe249a01ad1b12eec7dbc572db5003244a ab1016d39cc052064e32f25ad18ef8767a0ee3b8 git | Not specified |
| CNA | Linux | Linux | affected 5.13 | Not specified |
| CNA | Linux | Linux | unaffected 5.13 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.13.4 5.13.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.14 * original_commit_for_fix | Not specified |
| ADP | Siemens | RUGGEDCOM RST2428P | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 Family | unaffected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8 | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870 | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-355557.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.