PT-2024-8914 · Linux+3 · Linux Kernel+3

Alexander Sverdlin · Published 2024-05-24 · Updated 2024-11-26 · CVE-2021-47507

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.144
Description: The issue is a NULL pointer dereference in the Linux kernel's nfsd component that can lead to a denial of service. It arises from a race condition between the rpc_pipefs_event() function and the registration of the nfsd net id by register_pernet_subsys(). The crash is reported as an inability to handle a kernel NULL pointer dereference at virtual address 0000000000000012. The functions involved include rpc_pipefs_event(), blocking_notifier_call_chain(), rpc_fill_super(), get_tree_keyed() and ksys_mount(); rpc_pipefs_event() is the key part of the issue.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the nfsd startup race condition, specifically the commit bb7ffbf29e76, which addresses the issue by restoring the order of register_pernet_subsys() vs register_cld_notifier() and adding a WARN_ON() to prevent future regressions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2024-10582
CVE-2021-47507
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse