CVE-2021-3178

medium

Description

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/

https://patchwork.kernel.org/project/linux-nfs/patch/[email protected]/

Details

Source: MITRE

Published: 2021-01-19

Updated: 2021-03-25

Type: CWE-22

Risk Information

CVSS v2

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.10.8 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 153271 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-2392) | Nessus | Huawei Local Security Checks | high |
| 151307 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075) | Nessus | Huawei Local Security Checks | high |
| 151229 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-2040) | Nessus | Huawei Local Security Checks | high |
| 151167 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2021-2002) | Nessus | Huawei Local Security Checks | high |
| 150213 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1950) | Nessus | Huawei Local Security Checks | high |
| 149607 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1879) | Nessus | Huawei Local Security Checks | high |
| 149587 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1904) | Nessus | Huawei Local Security Checks | high |
| 149098 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808) | Nessus | Huawei Local Security Checks | high |
| 148634 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715) | Nessus | Huawei Local Security Checks | high |
| 148604 | EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1751) | Nessus | Huawei Local Security Checks | high |
| 148494 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1) | Nessus | Ubuntu Local Security Checks | high |
| 148492 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4910-1) | Nessus | Ubuntu Local Security Checks | high |
| 148003 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1) | Nessus | Ubuntu Local Security Checks | high |
| 148001 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1) | Nessus | Ubuntu Local Security Checks | medium |
| 147992 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4877-1) | Nessus | Ubuntu Local Security Checks | medium |
| 147532 | Debian DLA-2586-1 : linux security update | Nessus | Debian Local Security Checks | high |
| 146631 | Amazon Linux 2 : kernel (ALAS-2021-1600) | Nessus | Amazon Linux Local Security Checks | high |
| 146569 | Amazon Linux AMI : kernel (ALAS-2021-1480) | Nessus | Amazon Linux Local Security Checks | high |
| 146261 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1265) | Nessus | Huawei Local Security Checks | medium |
| 145483 | Fedora 33 : kernel (2021-3bcc7198c8) | Nessus | Fedora Local Security Checks | medium |