Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-3178

Published: 19/01/2021 Updated: 17/05/2024
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Subscribe to Linux Kernel

Vulnerability Summary

fs/nfsd/nfs3xdr.c in the Linux kernel up to and including 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote malicious users to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 33

debian debian linux 9.0

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1480
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel (before 510-rc1) There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat ...
Amazon Linux 2: ALAS2-2021-1600
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel (before 510-rc1) There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-020
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (CVE-2020-27825 ...
Arch Linux Issues:
fs/nfsd/nfs3xdrc in the Linux kernel through 5108, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default b ...

References

CWE-22https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlhttps://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2021-1480.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook