CVE-2021-47316

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 20798dfe249a

Description A NULL dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the nfsd component, specifically in the nfs3svc encode getaclres function, where the dentry may be NULL in error cases. The encoder previously checked the dentry and d really is positive(dentry), but this was considered overkill, as a zero status should be enough to guarantee a positive dentry. This is not the first instance of an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder.

Recommendations As a temporary workaround, consider disabling the nfs3svc encode getaclres function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.