PatchSiren

CVE-2021-47107 Linux CVE debrief

CVE-2021-47107 is a Linux kernel NFSD memory-corruption issue in the READDIR path. According to NVD and the kernel fix notes, a too-small READDIR count can underflow the buffer-size calculation in the new init_dirlist helper, which can then allow XDR reserve/write logic to go past the intended buffer. NVD rates the issue 7.8 HIGH and lists affected Linux kernel builds in the 5.13 to 5.15.12 range, plus 5.16-rc1 through 5.16-rc6.

Vendor: Linux
Product: CVE-2021-47107
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-03-04
Original CVE updated: 2026-05-12
Advisory published: 2024-03-04
Advisory updated: 2026-05-12

Who should care

Linux distribution maintainers, kernel teams, and operators running NFSD/NFS services on Linux should treat this as a priority kernel fix. Any environment that exposes affected kernel builds through NFS server functionality should verify it has the patched code path.

Technical summary

The bug is an arithmetic underflow in the READDIR buffer-size handling used by the NFSD init_dirlist helper. The kernel description says the old entry encoders avoided the issue, but the newer entry-encoding path exposed the underflow to xdr_reserve_space() pointer arithmetic, creating an out-of-bounds write condition when the READDIR count argument is too small. NVD classifies the weakness as CWE-120 and assigns CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
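
The underflow described above, reduced to a user-space model. This is an added example, not kernel code or code from the fix: the structure, the function names, the 8-byte overhead and the 4096-byte backing size are assumptions chosen for illustration. It contrasts an unchecked subtraction with a clamped one and shows that a reserve check trusting the wrapped length no longer bounds anything.

```c
#include <stdint.h>
#include <stdio.h>

#define BACKING_BYTES 4096u /* real size of the reply buffer (constructed) */
#define OVERHEAD 8u         /* assumed fixed bytes subtracted from count */

/* Toy stand-in for an XDR stream: only the length bookkeeping is modelled. */
struct toy_stream {
    uint32_t buflen; /* bytes the encoder believes it may use */
    uint32_t used;   /* bytes reserved so far */
};

/* Before: the unsigned subtraction wraps when count < OVERHEAD. */
static void init_unchecked(struct toy_stream *s, uint32_t count) {
    s->buflen = count - OVERHEAD;
    s->used = 0;
}

/* After: clamp count into [OVERHEAD, BACKING_BYTES], then subtract. */
static void init_clamped(struct toy_stream *s, uint32_t count) {
    if (count < OVERHEAD) count = OVERHEAD;
    if (count > BACKING_BYTES) count = BACKING_BYTES;
    s->buflen = count - OVERHEAD;
    s->used = 0;
}

/* Bounds check that trusts buflen; returns 1 if the reservation is granted. */
static int toy_reserve(struct toy_stream *s, uint32_t nbytes) {
    if (nbytes > s->buflen - s->used)
        return 0;
    s->used += nbytes;
    return 1;
}

/* Returns 1 if a request larger than the real buffer would be granted. */
typedef void (*init_fn)(struct toy_stream *, uint32_t);
static int grants_past_backing(init_fn init, uint32_t count) {
    struct toy_stream s;
    init(&s, count);
    return toy_reserve(&s, BACKING_BYTES + 1);
}

int main(void) {
    for (uint32_t c = 0; c <= 12; c += 4) /* constructed counts */
        printf("count=%2u unchecked=%d clamped=%d\n", (unsigned)c,
               grants_past_backing(init_unchecked, c),
               grants_past_backing(init_clamped, c));
    return 0;
}
```
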

Defensive priority

High

Recommended defensive actions

  • Check whether any Linux systems in your fleet run affected kernel versions or vendor backports derived from the vulnerable range.
  • Deploy a kernel build that includes the linked stable fixes for the NFSD READDIR issue.
  • Prioritize NFS server hosts, storage appliances, and images that enable NFSD for emergency patching and validation.
  • Use your distro or vendor security advisories to confirm the fix is backported, rather than relying only on upstream version numbers.
  • After patching, validate normal NFS directory listing behavior in staging and production monitoring to confirm service stability.

Evidence notes

This debrief is based only on the supplied NVD record and the linked official kernel/stable references. The NVD description states that a too-small READDIR count can underflow the buffer-size calculation in init_dirlist and lead to writes beyond the actual buffer. NVD’s vulnerable CPE criteria list Linux kernel versions from 5.13 through 5.15.12 and 5.16-rc1 through 5.16-rc6. The record also links stable kernel commits and a Siemens advisory reference, which were used only as corroborating official references.

Official resources

NVD published this CVE on 2024-03-04 and last modified the record on 2026-05-12. The supplied source corpus does not provide a separate vendor publication date beyond the linked official references.