CVE-2021-47168: NFS: fix an incorrect limit in filelayout_decode_layout()
In the Linux kernel, the following vulnerability has been resolved:
NFS: fix an incorrect limit in filelayout_decode_layout()
The "sizeof(struct nfs_fh)" is two bytes too large and could lead to
memory corruption. It should be NFS_MAXFHSIZE because that's the size
of the ->data[] buffer.
I reversed the size of the arguments to put the variable on the left.
Security readout for executives and security teams
Plain-English summary
This Linux kernel NFS flaw is an incorrect size limit that could allow memory corruption. The sources do not provide a CVSS score, exploit details, or confirmed active exploitation. Business urgency depends on whether affected Linux kernels are deployed, especially on systems using NFS functionality.
Executive priority
Treat as a tracked kernel maintenance item with moderate priority. Escalate for internet-facing infrastructure, shared file service environments, or systems with high availability requirements, but do not assume active exploitation from the provided evidence.
Technical view
The bug is in NFS filelayout_decode_layout(). The code used sizeof(struct nfs_fh), which the source says is two bytes larger than the ->data[] buffer and should be NFS_MAXFHSIZE. Stable kernel commits are referenced as fixes across supported branches.
Likely exposure
Exposure is likely limited to Linux systems running affected kernel versions or vendor kernels that include the vulnerable NFS code. The bundle lists Linux 2.6.37 through several stable branches up to 5.13 as affected, but vendor backport status must be checked.
Exploitation context
The bundle does not cite KEV inclusion, active exploitation, public exploit code, attacker prerequisites, or a reliable trigger path. Because the issue is kernel memory corruption, impact could be serious if reachable, but the available evidence is incomplete.
Researcher notes
Key unknowns are exploitability, privilege requirements, and reachable configurations. Review the referenced stable commits and downstream vendor patches to map exact affected ranges. Avoid overstating risk because CVSS, CWE, and exploit evidence are absent from the bundle.
Mitigation direction
Apply Linux kernel updates from the system vendor or stable kernel branch.
Prioritize systems that use or expose NFS-related functionality.
Check vendor advisories for backported fixes matching the referenced commits.
Schedule reboot or live-patch validation according to platform policy.
Validation and detection
Inventory Linux kernel versions across servers, hosts, and appliances.
Identify systems using NFS functionality or dependent workloads.
Compare installed kernels against vendor fixed versions and stable commits.
Confirm updates are active after reboot or live-patch application.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47168 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.