{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix use-after-free in nfs4_init_client()\n\nKASAN reports a use-after-free when attempting to mount two different\nexports through two different NICs that belong to the same server.\n\nOlga was able to hit this with kernels starting somewhere between 5.7\nand 5.10, but I traced the patch that introduced the clear_bit() call to\n4.13. So something must have changed in the refcounting of the clp\npointer to make this call to nfs_put_client() the very last one." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/nfs/nfs4client.c" ], "versions": [ { "version": "8dcbec6d20eb", "lessThan": "c7eab9e2d7b4", "status": "affected", "versionType": "git" }, { "version": "8dcbec6d20eb", "lessThan": "42c10b0db064", "status": "affected", "versionType": "git" }, { "version": "8dcbec6d20eb", "lessThan": "3e3c7ebbfac1", "status": "affected", "versionType": "git" }, { "version": "8dcbec6d20eb", "lessThan": "c3b6cf64dfe4", "status": "affected", "versionType": "git" }, { "version": "8dcbec6d20eb", "lessThan": "72651c6579a2", "status": "affected", "versionType": "git" }, { "version": "8dcbec6d20eb", "lessThan": "476bdb04c501", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/nfs/nfs4client.c" ], "versions": [ { "version": "4.13", "status": "affected" }, { "version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "custom" }, { "version": "4.14.237", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.195", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.126", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.44", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.12.11", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/c7eab9e2d7b4e983ce280276fb920af649955897" }, { "url": "https://git.kernel.org/stable/c/42c10b0db064e45f5c5ae7019bbf2168ffab766c" }, { "url": "https://git.kernel.org/stable/c/3e3c7ebbfac152d08be75c92802a64a1f6471a15" }, { "url": "https://git.kernel.org/stable/c/c3b6cf64dfe4ef96e7341508d50d6998da7062c7" }, { "url": "https://git.kernel.org/stable/c/72651c6579a25317a90536181d311c663d0329ab" }, { "url": "https://git.kernel.org/stable/c/476bdb04c501fc64bf3b8464ffddefc8dbe01577" } ], "title": "NFS: Fix use-after-free in nfs4_init_client()", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2021-47259", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }