PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-38202 NetApp CVE debrief

CVE-2021-38202 is a network-reachable denial-of-service issue in the Linux kernel’s nfsd trace path. According to the CVE description and NVD, remote attackers can send NFS traffic that triggers an out-of-bounds read in strlen when the trace event framework is being used for nfsd. The issue is fixed in Linux kernel 5.13.4 and is mapped by NVD to affected NetApp-related CPE entries as well as the Linux kernel CPE.

Vendor
NetApp
Product
Linux kernel (NVD also lists NetApp product CPE entries)
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2021-08-08
Original CVE updated
2026-05-12
Advisory published
2021-08-08
Advisory updated
2026-05-12

Who should care

Operators of Linux systems running kernels earlier than 5.13.4 (or distribution kernels that have not backported the fix), especially NFS servers that expose nfsd to untrusted networks and have nfsd trace events enabled. Security teams responsible for the NetApp products listed in the NVD CPE criteria should also validate vendor guidance and downstream backports.

Technical summary

NVD classifies the flaw as CWE-125 (out-of-bounds read) in fs/nfsd/trace.h, the header that defines the nfsd tracepoints. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: the trigger arrives over the network, needs no credentials and no user interaction, and the only impact is availability. The defect is a strlen call on data taken from NFS traffic while a trace event is being recorded; strlen reads until it finds a NUL byte, so on input that is not NUL-terminated it runs past the end of the buffer. Because the bug sits in the tracepoint path, it is reachable only while nfsd trace events are enabled, but once they are, an unauthenticated client can send NFS requests that make the kernel read out of bounds and oops or crash, taking the NFS service down. The referenced upstream kernel changelog and commit indicate the fix shipped in Linux 5.13.4.

Defensive priority

High priority for any exposed NFS environment, because the issue is remotely triggerable and can affect availability without authentication. Treat it as urgent for systems that run affected kernel versions and actively use nfsd tracing.

Recommended defensive actions

  • Upgrade Linux kernels to 5.13.4 or later, or to a vendor-maintained build that backports the fix.
  • Confirm whether nfsd trace events are enabled or used in production and disable unnecessary tracing.
  • Check downstream vendor advisories and patch levels for NetApp products listed in the NVD CPE criteria.
  • Validate affected host and appliance inventories against the Linux kernel version boundary and vendor-specific fixed releases; a version string below 5.13.4 is a prompt to check for a distribution backport, not proof of exposure, since distribution kernels carry fixes without changing the upstream version number.
  • Monitor NFS-facing systems for crashes or service interruptions until remediation is complete.
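The version and tracing checks in the first, second and fourth actions above, as an added example script written for this debrief (it is not PatchSiren, NetApp or kernel project code). It assumes, as the page does not state, that tracefs is mounted at /sys/kernel/tracing or the older /sys/kernel/debug/tracing and that each nfsd tracepoint has an events/nfsd/<event>/enable switch holding "0" or "1". The version function compares against the 5.13.4 boundary from NVD only; a distribution kernel reported as older may still carry the backported fix, so treat a "below" result as a reason to consult the vendor advisory, not as confirmed exposure.

```shell
#!/bin/sh
# Added example for the CVE-2021-38202 debrief (not PatchSiren, NetApp or
# kernel code). Two checks that follow from the NVD data on this CVE:
#   1. is the kernel version below the 5.13.4 upstream fix boundary?
#   2. are any nfsd trace events currently enabled in tracefs?
# Assumed layout (not stated on the page): tracefs at /sys/kernel/tracing
# or /sys/kernel/debug/tracing, per-event switches at
# events/nfsd/<event>/enable containing "0" or "1".

FIXED_MAJOR=5
FIXED_MINOR=13
FIXED_PATCH=4

# kernel_below_fix VERSION
# Returns 0 (true) when VERSION, e.g. "5.10.0-28-amd64", is older than 5.13.4
# by upstream numbering, 1 otherwise. Distro suffixes after '-' or '+' are
# ignored; a missing component counts as 0, so "5.13" compares as 5.13.0.
# Distribution backports are NOT detected here; check the vendor advisory.
kernel_below_fix() {
    base=$(printf '%s' "$1" | sed 's/[-+].*//')
    saved_ifs=$IFS
    IFS=.
    set -- $base
    IFS=$saved_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major" in ''|*[!0-9]*) major=0 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    case "$patch" in ''|*[!0-9]*) patch=0 ;; esac
    [ "$major" -lt "$FIXED_MAJOR" ] && return 0
    [ "$major" -gt "$FIXED_MAJOR" ] && return 1
    [ "$minor" -lt "$FIXED_MINOR" ] && return 0
    [ "$minor" -gt "$FIXED_MINOR" ] && return 1
    [ "$patch" -lt "$FIXED_PATCH" ]
}

# nfsd_trace_enabled TRACEFS_ROOT
# Prints the name of every enabled nfsd trace event, one per line, and
# returns 0 if at least one is enabled, 1 if none are. The root is a
# parameter so the check can be pointed at a copied or mocked tree.
nfsd_trace_enabled() {
    root=$1
    found=1
    for f in "$root"/events/nfsd/*/enable; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            # Path is .../events/nfsd/<event>/enable; report <event>.
            printf '%s\n' "$(basename "$(dirname "$f")")"
            found=0
        fi
    done
    return $found
}

# disable_nfsd_trace TRACEFS_ROOT
# Writes 0 to the nfsd group switch, which turns off every nfsd event at
# once (action 2 above). Needs root; not invoked automatically.
disable_nfsd_trace() {
    printf '0\n' > "$1/events/nfsd/enable"
}

# host_check: assess the host this script runs on.
host_check() {
    kver=$(uname -r)
    if kernel_below_fix "$kver"; then
        printf 'kernel %s is below 5.13.4 upstream; confirm a vendor backport or upgrade\n' "$kver"
    else
        printf 'kernel %s is at or above 5.13.4 upstream\n' "$kver"
    fi
    for root in /sys/kernel/tracing /sys/kernel/debug/tracing; do
        [ -d "$root/events/nfsd" ] || continue
        if nfsd_trace_enabled "$root" > /dev/null; then
            printf 'nfsd trace events enabled under %s:\n' "$root"
            nfsd_trace_enabled "$root"
        else
            printf 'no nfsd trace events enabled under %s\n' "$root"
        fi
        break
    done
}

host_check
```

Run it as root on each NFS server; tracefs is typically readable only by root, and an absent events/nfsd directory simply means the nfsd module (or its tracepoints) is not loaded, which the script reports as no enabled events. The disable_nfsd_trace function is deliberately not called from host_check so that the inventory pass stays read-only.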

Evidence notes

Evidence comes from the CVE description, NVD modified record, and referenced official sources. NVD lists the weakness as CWE-125 and the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The NVD reference set includes the upstream Linux 5.13.4 changelog and a Torvalds Linux commit, plus a NetApp advisory. NVD CPE criteria explicitly mark the Linux kernel as vulnerable before 5.13.4 and include several NetApp product CPE entries.

Official resources

CVE-2021-38202 was published on 2021-08-08. The NVD record was last modified on 2026-05-12. The issue is described as affecting Linux kernel versions before 5.13.4, with downstream NetApp-related CPE entries also listed by NVD.