In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.

nfsd: NULL dereference in nfs3svc_encode_getaclres.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in     nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also     checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be     enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference     hidden in the initialization of a local variable in an xdr encoder. But I went back through the other     recent rewrites and didn't spot any similar bugs. (CVE-2021-47316)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
503651	Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2021-47316)	Tenable OT Security	Tenable.ot	medium
239342	TencentOS Server 4: kernel (TSSA-2024:0981)	Nessus	Tencent Local Security Checks	high
230099	Linux Distros Unpatched Vulnerability : CVE-2021-47316	Nessus	Misc.	medium

Detections

Analytics

CVE-2021-47316

medium

Tenable Plugins

medium

high

medium