CVE-2021-4157

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.

CVSS v3 8.0 HIGH
CVSS v2.0 7.4 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.4^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 4.4 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2034342	Issue Tracking Third Party Advisory
https://lore.kernel.org/lkml/20210517140244.822185482%40linuxfoundation.org/
https://security.netapp.com/advisory/ntap-20220602-0007/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:::::::*

History

07 Nov 2023, 03:40

Type	Values Removed	Values Added
References	{'url': 'https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/', 'name': 'https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/', 'tags': ['Exploit', 'Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}	() https://lore.kernel.org/lkml/20210517140244.822185482%40linuxfoundation.org/ -

17 Jan 2023, 21:23

Type	Values Removed	Values Added
CPE	cpe:2.3:o:linux:linux_kernel:5.13:-::::::

19 Oct 2022, 15:23

Type	Values Removed	Values Added
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0007/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0007/ - Third Party Advisory
CPE		cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::*
First Time		Netapp h500e Netapp h700e Firmware Netapp h500s Netapp h500e Firmware Netapp h410s Firmware Netapp h300e Netapp h300e Firmware Netapp h700s Oracle communications Cloud Native Core Binding Support Function Netapp h300s Netapp h700e Netapp Oracle Netapp h300s Firmware Netapp h700s Firmware Netapp h410s Netapp h500s Firmware

25 Jul 2022, 18:18

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

02 Jun 2022, 20:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0007/ -

07 Apr 2022, 15:31

Type	Values Removed	Values Added
CWE		CWE-119
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.4 v3 : 8.0
First Time		Linux linux Kernel Fedoraproject fedora Linux Fedoraproject
References	~~(MISC) https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/ -~~	(MISC) https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/ - Exploit, Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2034342 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2034342 - Issue Tracking, Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:5.13:-:::::: cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:linux:linux_kernel::::::::

25 Mar 2022, 19:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-25 19:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-4157

Mitre link : CVE-2021-4157

CVE.ORG link : CVE-2021-4157

JSON object : View

Products Affected

netapp

h700s
h500e_firmware
h410s
h500s
h300s_firmware
h300e_firmware
h300s
h500s_firmware
h700e_firmware
h410s_firmware
h700e
h700s_firmware
h500e
h300e

oracle

communications_cloud_native_core_binding_support_function

fedoraproject

fedora

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.0 /10