CVE-2021-46952

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the validation of UDP retransmission in the Linux kernel's NFS module. Specifically, it concerns the xprt calc majortimeo() function, where a shift out-of-bounds error can occur if a garbage timeout (retrans) mount option is passed to the NFS mount. This happens when the protocol is XPRT TRANSPORT UDP and the retrans value is 64 or greater, which is not valid for a 64-bit long integer. As a result, the mount fails and returns an error. Additionally, there is a mention of a vulnerability in the nfs23 parse monolithic() function related to the lack of control over user-input data, which could impact the confidentiality and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.