CVE-2021-3178

Public on 2021-02-16
Modified on 2021-02-19
Description
A flaw leak of the file handle for parent directory in the Linux kernel's NFS3 functionality was found in the way user calls READDIRPLUS. A local user could use this flaw to traverse to other parts of the file-system than mounted sub-folder.
Severity
Medium
CVSS v3 Base Score
5.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 kernel 2021-02-17 18:07 ALAS2-2021-1600
Amazon Linux 1 kernel 2021-02-16 00:13 ALAS-2021-1480

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.7 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
NVD CVSSv2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N
NVD CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N