{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47506","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-22T06:20:56.205Z","datePublished":"2024-05-24T15:01:52.746Z","dateUpdated":"2025-05-21T08:31:49.596Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-21T08:31:49.596Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix use-after-free due to delegation race\n\nA delegation break could arrive as soon as we've called vfs_setlease.  A\ndelegation break runs a callback which immediately (in\nnfsd4_cb_recall_prepare) adds the delegation to del_recall_lru.  If we\nthen exit nfs4_set_delegation without hashing the delegation, it will be\nfreed as soon as the callback is done with it, without ever being\nremoved from del_recall_lru.\n\nSymptoms show up later as use-after-free or list corruption warnings,\nusually in the laundromat thread.\n\nI suspect aba2072f4523 \"nfsd: grant read delegations to clients holding\nwrites\" made this bug easier to hit, but I looked as far back as v3.0\nand it looks to me it already had the same problem.  So I'm not sure\nwhere the bug was introduced; it may have been there from the beginning."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfsd/nfs4state.c"],"versions":[{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"04a8d07f3d58308b92630045560799a3faa3ebce","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"348714018139c39533c55661a0c7c990671396b4","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"33645d3e22720cac1e4548f8fef57bf0649536ee","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"2becaa990b93cbd2928292c0b669d3abb6cf06d4","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"e0759696de6851d7536efddfdd2dfed4c4df1f09","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"eeb0711801f5e19ef654371b627682aed3b11373","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"148c816f10fd11df27ca6a9b3238cdd42fa72cd3","status":"affected","versionType":"git"},{"version":"dff1399f8addf7129c49bb2227469da79cc30b47","lessThan":"548ec0805c399c65ed66c6641be467f717833ab5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfsd/nfs4state.c"],"versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","status":"unaffected","versionType":"semver"},{"version":"4.4.296","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.294","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.259","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.222","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.168","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.85","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.8","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.9.294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.14.259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.19.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.4.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.10.85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce"},{"url":"https://git.kernel.org/stable/c/348714018139c39533c55661a0c7c990671396b4"},{"url":"https://git.kernel.org/stable/c/33645d3e22720cac1e4548f8fef57bf0649536ee"},{"url":"https://git.kernel.org/stable/c/2becaa990b93cbd2928292c0b669d3abb6cf06d4"},{"url":"https://git.kernel.org/stable/c/e0759696de6851d7536efddfdd2dfed4c4df1f09"},{"url":"https://git.kernel.org/stable/c/eeb0711801f5e19ef654371b627682aed3b11373"},{"url":"https://git.kernel.org/stable/c/148c816f10fd11df27ca6a9b3238cdd42fa72cd3"},{"url":"https://git.kernel.org/stable/c/548ec0805c399c65ed66c6641be467f717833ab5"}],"title":"nfsd: fix use-after-free due to delegation race","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47506","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-29T17:04:47.932390Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:44.394Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.751Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/348714018139c39533c55661a0c7c990671396b4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/33645d3e22720cac1e4548f8fef57bf0649536ee","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2becaa990b93cbd2928292c0b669d3abb6cf06d4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e0759696de6851d7536efddfdd2dfed4c4df1f09","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/eeb0711801f5e19ef654371b627682aed3b11373","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/148c816f10fd11df27ca6a9b3238cdd42fa72cd3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/548ec0805c399c65ed66c6641be467f717833ab5","tags":["x_transferred"]}]}]}}