Bug 2267911 (CVE-2021-47107)
| Summary: | CVE-2021-47107 kernel: NFSD: Fix READDIR buffer overflow | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Zack Miele <zmiele> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, ldoskova, lgoncalv, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, scweaver, sidakwo, sukulkar, tglozar, vkumar, vsroka, wcosta, williams, wmealing, ycote, ykopkova |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.15.12, kernel 5.16 | Doc Type: | If docs needed, set a value |
| Doc Text: | CVE-2021-47107 is a flaw in the Linux system that runs file-sharing services (NFS). The problem happened because the system did not properly check how much data it should handle when someone asked to list the contents of a folder. If that request was made with a very small value, the system could become confused and try to use more memory than it should. This mistake could cause the computer to crash, stop responding, or even give an attacker a chance to run harmful code. The issue has since been fixed in newer versions of Linux by adding proper checks to prevent unsafe requests. | Story Points: | --- |
| Bug Blocks: | 2268181 | ||
Description
Zack Miele
2024-03-05 14:32:39 UTC