LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47316: nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel NFS server bug. In some error cases, the NFS ACL response code may use missing object data and hit a NULL dereference. The sources do not provide CVSS, severity, or confirmed business impact, so urgency depends on whether affected kernels run NFS services.

Executive priority

Treat as a targeted kernel maintenance item. Prioritize NFS servers, appliances, and Siemens-referenced environments. There is no cited active exploitation, but kernel NULL dereferences can affect availability and should not be left unresolved on exposed infrastructure.

Technical view

CVE-2021-47316 affects Linux kernel NFSD code in nfs3svc_encode_getaclres. The issue is a NULL dereference when dentry may be NULL during error handling. The source bundle identifies Linux 5.13-related affected ranges and stable kernel commits resolving the bug, but does not provide CWE, CVSS, or exploit prerequisites.

Likely exposure

Exposure is most likely on Linux systems running affected kernel versions or commits with the kernel NFS server enabled, especially where NFSv3 ACL handling is used. Systems not running NFSD are less likely to be reachable through this code path.

Exploitation context

The source bundle says this CVE is not in CISA KEV and provides no evidence of active exploitation, public exploit use, or weaponized details. The issue is described as an error-case NULL dereference in an XDR encoder, not as a complete exploitation chain.

Researcher notes

The public data is sparse: no CVSS, CWE, exploit status, or detailed trigger conditions are provided. Analysis should stay close to the kernel fix context: NFSD, NFSv3 GETACL result encoding, and NULL dentry handling in error cases.

Mitigation direction

  • Apply Linux kernel updates containing the referenced stable fixes.
  • Prioritize hosts running NFSD or exporting NFS shares.
  • Check distribution advisories for fixed kernel package versions.
  • Review Siemens advisories if affected Siemens products are deployed.

Validation and detection

  • Inventory Linux kernel versions against the CVE affected data.
  • Identify systems with NFSD enabled or NFS exports configured.
  • Confirm installed kernels include the referenced stable commits or vendor fixes.
  • Check Siemens product advisories for product-specific exposure statements.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47316 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd505e66191072748620fc0af038cea4e4da0e3cd, 20798dfe249a01ad1b12eec7dbc572db5003244a, 20798dfe249a01ad1b12eec7dbc572db5003244aunaffected
LinuxLinux5.13, 0, 5.13.4, 5.14affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.