UBUNTU-CVE-2021-3178

Description

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Systems

• ubuntu•linux

  all | < 4.4.0-204.236 | < 4.15.0-137.141 | < 5.4.0-67.75

• ubuntu•linux-aws

  < 4.4.0-1087.91 | < 4.4.0-1123.137 | < 4.15.0-1095.102 | < 5.4.0-1039.41

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1039.41~18.04.1

• ubuntu•linux-aws-fips

  < 4.15.0-2038.40 | all | < 5.4.0-1069.73+fips2

• ubuntu•linux-aws-hwe

  < 4.15.0-1095.102~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1109.121~14.04.1 | < 4.15.0-1109.121~16.04.1 | all | < 5.4.0-1041.43

• ubuntu•linux-azure-4.15

  < 4.15.0-1109.121

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1041.43~18.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2021.24 | all | < 5.4.0-1073.76+fips1

• ubuntu•linux-bluefield

  all

• ubuntu•linux-dell300x

  < 4.15.0-1013.17

• ubuntu•linux-fips

  < 4.4.0-1057.63 | all | < 4.15.0-1054.62

• ubuntu•linux-gcp

  < 4.15.0-1094.107~16.04.1 | all | < 5.4.0-1038.41

• ubuntu•linux-gcp-4.15

  < 4.15.0-1094.107

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1038.41~18.04.1

• ubuntu•linux-gcp-edge

  all

• ubuntu•linux-gcp-fips

  all | < 5.4.0-1067.71~20.04.1

• ubuntu•linux-gke

  < 5.4.0-1037.39

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.4

  < 5.4.0-1037.39~18.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1011.12

• ubuntu•linux-gkeop-5.4

  < 5.4.0-1011.12~18.04.2

• ubuntu•linux-hwe

  < 4.15.0-137.141~16.04.1 | all

• ubuntu•linux-hwe-5.4

  < 5.4.0-67.75~18.04.1

• ubuntu•linux-hwe-5.8

  < 5.8.0-49.55~20.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-kvm

  < 4.4.0-1089.98 | < 4.15.0-1086.88 | < 5.4.0-1034.35

• ubuntu•linux-lts-xenial

  < 4.4.0-204.236~14.04.1

• ubuntu•linux-nvidia

  all

• ubuntu•linux-oem

  all

• ubuntu•linux-oem-5.10

  < 5.10.0-1014.15

• ubuntu•linux-oem-5.6

  < 5.6.0-1053.57

• ubuntu•linux-oracle

  < 4.15.0-1066.74~16.04.1 | < 4.15.0-1066.74 | < 5.4.0-1039.42

• ubuntu•linux-oracle-5.0

  all

• ubuntu•linux-oracle-5.3

  all

• ubuntu•linux-oracle-5.4

  < 5.4.0-1039.42~18.04.1

• ubuntu•linux-raspi

  < 5.4.0-1030.33

• ubuntu•linux-raspi-5.4

  < 5.4.0-1030.33~18.04.1

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1147.157 | < 4.15.0-1080.85 | all

• ubuntu•linux-realtime

  all

• ubuntu•linux-riscv

  all

• ubuntu•linux-riscv-5.8

  < 5.8.0-22.24~20.04.1

Showing first 50 affected entries in server-rendered view.

References (9)

• https://ubuntu.com/security/CVE-2021-3178
• https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
• https://ubuntu.com/security/notices/USN-4876-1
• https://ubuntu.com/security/notices/USN-4877-1
• https://ubuntu.com/security/notices/USN-4878-1
• https://ubuntu.com/security/notices/USN-4910-1
• https://ubuntu.com/security/notices/USN-4912-1
• https://www.cve.org/CVERecord?id=CVE-2021-3178