LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47168: NFS: fix an incorrect limit in filelayout_decode_layout()

In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This Linux kernel NFS flaw is an incorrect size limit that could allow memory corruption. The sources do not provide a CVSS score, exploit details, or confirmed active exploitation. Business urgency depends on whether affected Linux kernels are deployed, especially on systems using NFS functionality.

Executive priority

Treat as a tracked kernel maintenance item with moderate priority. Escalate for internet-facing infrastructure, shared file service environments, or systems with high availability requirements, but do not assume active exploitation from the provided evidence.

Technical view

The bug is in NFS filelayout_decode_layout(). The code used sizeof(struct nfs_fh), which the source says is two bytes larger than the ->data[] buffer and should be NFS_MAXFHSIZE. Stable kernel commits are referenced as fixes across supported branches.

Likely exposure

Exposure is likely limited to Linux systems running affected kernel versions or vendor kernels that include the vulnerable NFS code. The bundle lists Linux 2.6.37 through several stable branches up to 5.13 as affected, but vendor backport status must be checked.

Exploitation context

The bundle does not cite KEV inclusion, active exploitation, public exploit code, attacker prerequisites, or a reliable trigger path. Because the issue is kernel memory corruption, impact could be serious if reachable, but the available evidence is incomplete.

Researcher notes

Key unknowns are exploitability, privilege requirements, and reachable configurations. Review the referenced stable commits and downstream vendor patches to map exact affected ranges. Avoid overstating risk because CVSS, CWE, and exploit evidence are absent from the bundle.

Mitigation direction

  • Apply Linux kernel updates from the system vendor or stable kernel branch.
  • Prioritize systems that use or expose NFS-related functionality.
  • Check vendor advisories for backported fixes matching the referenced commits.
  • Schedule reboot or live-patch validation according to platform policy.

Validation and detection

  • Inventory Linux kernel versions across servers, hosts, and appliances.
  • Identify systems using NFS functionality or dependent workloads.
  • Compare installed kernels against vendor fixed versions and stable commits.
  • Confirm updates are active after reboot or live-patch application.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47168 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8, 16b374ca439fb406e46e071f75428f5b033056f8unaffected
LinuxLinux2.6.37, 0, 4.4.271, 4.9.271, 4.14.235, 4.19.193, 5.4.124, 5.10.42, 5.12.9, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.