cve/published/2021/CVE-2021-47316.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47316: nfsd: fix NULL dereference in nfs3svc_encode_getaclres

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 nfsd: fix NULL dereference in nfs3svc_encode_getaclres

 In error cases the dentry may be NULL.

 Before 20798dfe249a, the encoder also checked dentry and
 d_really_is_positive(dentry), but that looks like overkill to me--zero
 status should be enough to guarantee a positive dentry.

 This isn't the first time we've seen an error-case NULL dereference
 hidden in the initialization of a local variable in an xdr encoder.  But
 I went back through the other recent rewrites and didn't spot any
 similar bugs.

 The Linux kernel CVE team has assigned CVE-2021-47316 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.13 with commit 20798dfe249a01ad1b12eec7dbc572db5003244a and fixed in 5.13.4 with commit 650e6f383a6eb40f7c0a010982a74ab4b6893870
 	Issue introduced in 5.13 with commit 20798dfe249a01ad1b12eec7dbc572db5003244a and fixed in 5.14 with commit ab1016d39cc052064e32f25ad18ef8767a0ee3b8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47316
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/nfsd/nfs3acl.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d
 	https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870
 	https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47316: nfsd: fix NULL dereference in nfs3svc_encode_getaclres

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	nfsd: fix NULL dereference in nfs3svc_encode_getaclres

	In error cases the dentry may be NULL.

	Before 20798dfe249a, the encoder also checked dentry and
	d_really_is_positive(dentry), but that looks like overkill to me--zero
	status should be enough to guarantee a positive dentry.

	This isn't the first time we've seen an error-case NULL dereference
	hidden in the initialization of a local variable in an xdr encoder. But
	I went back through the other recent rewrites and didn't spot any
	similar bugs.

	The Linux kernel CVE team has assigned CVE-2021-47316 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.13 with commit 20798dfe249a01ad1b12eec7dbc572db5003244a and fixed in 5.13.4 with commit 650e6f383a6eb40f7c0a010982a74ab4b6893870
	Issue introduced in 5.13 with commit 20798dfe249a01ad1b12eec7dbc572db5003244a and fixed in 5.14 with commit ab1016d39cc052064e32f25ad18ef8767a0ee3b8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47316
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/nfsd/nfs3acl.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d
	https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870
	https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8