[PATCH 0/1] [SRU] [focal/linux-oem-5.6] CVE-2021-3178
Tim Gardner
tim.gardner at canonical.com
Fri Mar 12 18:23:08 UTC 2021
[Impact]
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export
of a subdirectory of a filesystem, allows remote attackers to traverse to other
parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a
subdirectory export is not intended to prevent this attack; see also the
exports(5) no_subtree_check default behavior.
[Test Plan]
none
[Where problems could occur]
Released in
linux-4.14.y
linux-4.19.y
linux-4.4.y
linux-4.9.y
linux-5.10.y
linux-5.4.y
More information about the kernel-team
mailing list