CVE-2021-3178

Updated: 2022-09-27 17:53:17.260272

Description:

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5.5
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS kernel 2.6.32 6.5 MEDIUM Released CLSA-2021:1632262296 2022-05-05 12:01:39
CentOS 8.4 ELS kernel 4.18.0-305.25.1 6.5 MEDIUM Ignored 2022-02-10 08:36:34
CentOS 8.5 ELS kernel 4.18.0-348.7.1 6.5 MEDIUM Ignored 2022-02-21 05:39:38
CloudLinux 6 ELS kernel 2.6.32 6.5 MEDIUM Ignored 2022-01-27 11:20:14
Oracle Linux 6 ELS kernel 2.6.32 6.5 MEDIUM Released CLSA-2022:1669850228 2022-11-30 19:57:53
Ubuntu 16.04 ELS linux-hwe 4.15.0 6.5 MEDIUM Ignored 2022-09-28 08:02:32
Ubuntu 16.04 ELS linux 4.4.0 6.5 MEDIUM Not Vulnerable 2022-01-26 05:16:14

Statement

Will not fix: low score