An out-of-bounds memory write flaw (1 or 2 bytes of memory) was found in the Linux kernel NFS subsystem, in the way users use mirroring (replication of files with NFS). A user with access to the NFS mount could potentially use this flaw to crash the system or escalate privileges on the system.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2034342 | Issue Tracking Third Party Advisory |
https://lore.kernel.org/lkml/20210517140244.822185482%40linuxfoundation.org/ | |
https://security.netapp.com/advisory/ntap-20220602-0007/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
History
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
17 Jan 2023, 21:23
Type | Values Removed | Values Added |
---|---|---|
CPE |
19 Oct 2022, 15:23
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0007/ - Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h500e
Netapp h700e Firmware Netapp h500s Netapp h500e Firmware Netapp h410s Firmware Netapp h300e Netapp h300e Firmware Netapp h700s Oracle communications Cloud Native Core Binding Support Function Netapp h300s Netapp h700e Netapp Oracle Netapp h300s Firmware Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
25 Jul 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2022, 15:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CVSS | v2 : v3 : | v2 : 7.4 v3 : 8.0 |
First Time |
Linux linux Kernel
Fedoraproject fedora Linux Fedoraproject |
|
References | (MISC) https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/ - Exploit, Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2034342 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
25 Mar 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-25 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-4157
Mitre link : CVE-2021-4157
CVE.ORG link : CVE-2021-4157
Products Affected
netapp
- h700s
- h500e_firmware
- h410s
- h500s
- h300s_firmware
- h300e_firmware
- h300s
- h500s_firmware
- h700e_firmware
- h410s_firmware
- h700e
- h700s_firmware
- h500e
- h300e
oracle
- communications_cloud_native_core_binding_support_function
fedoraproject
- fedora
linux
- linux_kernel
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer