CVE-2021-3178 log

Severity Low
Remote Yes
Type Directory traversal
fs/nfsd/nfs3xdr.c in the Linux kernel before version 5.10.10 and 5.4.92, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.
Group Package Affected Fixed Severity Status Ticket
AVG-1469 linux-lts 5.4.91-1 5.4.92-1 Low Fixed
AVG-1468 linux-zen 5.10.9.zen1-1 5.10.10.zen1-1 Low Fixed
AVG-1467 linux-hardened 5.10.9.a-1 5.10.10.hardened1-1 Low Fixed
AVG-1466 linux 5.10.9.arch1-1 5.10.10.arch1-1 Low Fixed

This issue can be mitigated by enabling the subtree_check option of the NFS server.