5.5

CVE-2021-47168

NFS: fix an incorrect limit in filelayout_decode_layout()

In the Linux kernel, the following vulnerability has been resolved:

NFS: fix an incorrect limit in filelayout_decode_layout()

The "sizeof(struct nfs_fh)" is two bytes too large and could lead to
memory corruption.  It should be NFS_MAXFHSIZE because that's the size
of the ->data[] buffer.

I reversed the size of the arguments to put the variable on the left.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.37 < 4.4.271
LinuxLinux Kernel Version >= 4.5 < 4.9.271
LinuxLinux Kernel Version >= 4.10 < 4.14.235
LinuxLinux Kernel Version >= 4.15 < 4.19.193
LinuxLinux Kernel Version >= 4.20 < 5.4.124
LinuxLinux Kernel Version >= 5.5 < 5.10.42
LinuxLinux Kernel Version >= 5.11 < 5.12.9
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
Patch
https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
Patch
https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
Patch
https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
Patch
https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
Patch
https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84
Patch
https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
Patch
https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
Patch