CVE-2021-4157Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
8.0HIGHNVD
OSV4.7
EPSS
0.1%
top 82.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelDebian LinuxFedoraproject Fedora+4 more
Timeline
PublishedMar 25
Latest updateMay 12

Description

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages9 packages

NVDlinux/linux_kernel4.04.4.269+7
Debianlinux/linux_kernel< 5.10.38-1+3
Ubuntulinux/linux_kernel< 4.4.0-224.257
CVEListV5linux/linux_kernelkernel 5.13-rc1
debiandebian/linux< linux 5.10.38-1 (bookworm)

Also affects: Fedora 35

🔴Vulnerability Details

3
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-05-12
GHSA
GHSA-5w94-r98f-mc64: An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of2022-03-26
OSV
CVE-2021-4157: An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of2022-03-25

📋Vendor Advisories

4
Ubuntu
Linux kernel vulnerabilities2022-05-12
Microsoft
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user having access to the NFS 2022-03-08
Red Hat
kernel: Buffer overwrite in decode_nfs_fh function2021-05-17
Debian
CVE-2021-4157: linux - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel ...2021