CVE-2021-47316: nfsd: fix NULL dereference in nfs3svc_encode_getaclres
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix NULL dereference in nfs3svc_encode_getaclres
In error cases the dentry may be NULL.
Before 20798dfe249a, the encoder also checked dentry and
d_really_is_positive(dentry), but that looks like overkill to me--zero
status should be enough to guarantee a positive dentry.
This isn't the first time we've seen an error-case NULL dereference
hidden in the initialization of a local variable in an xdr encoder. But
I went back through the other recent rewrites and didn't spot any
similar bugs.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel NFS server bug. In some error cases, the NFS ACL response code may use missing object data and hit a NULL dereference. The sources do not provide CVSS, severity, or confirmed business impact, so urgency depends on whether affected kernels run NFS services.
Executive priority
Treat as a targeted kernel maintenance item. Prioritize NFS servers, appliances, and Siemens-referenced environments. There is no cited active exploitation, but kernel NULL dereferences can affect availability and should not be left unresolved on exposed infrastructure.
Technical view
CVE-2021-47316 affects Linux kernel NFSD code in nfs3svc_encode_getaclres. The issue is a NULL dereference when dentry may be NULL during error handling. The source bundle identifies Linux 5.13-related affected ranges and stable kernel commits resolving the bug, but does not provide CWE, CVSS, or exploit prerequisites.
Likely exposure
Exposure is most likely on Linux systems running affected kernel versions or commits with the kernel NFS server enabled, especially where NFSv3 ACL handling is used. Systems not running NFSD are less likely to be reachable through this code path.
Exploitation context
The source bundle says this CVE is not in CISA KEV and provides no evidence of active exploitation, public exploit use, or weaponized details. The issue is described as an error-case NULL dereference in an XDR encoder, not as a complete exploitation chain.
Researcher notes
The public data is sparse: no CVSS, CWE, exploit status, or detailed trigger conditions are provided. Analysis should stay close to the kernel fix context: NFSD, NFSv3 GETACL result encoding, and NULL dentry handling in error cases.
Mitigation direction
Apply Linux kernel updates containing the referenced stable fixes.
Prioritize hosts running NFSD or exporting NFS shares.
Check distribution advisories for fixed kernel package versions.
Review Siemens advisories if affected Siemens products are deployed.
Validation and detection
Inventory Linux kernel versions against the CVE affected data.
Identify systems with NFSD enabled or NFS exports configured.
Confirm installed kernels include the referenced stable commits or vendor fixes.
Check Siemens product advisories for product-specific exposure statements.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47316 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.