{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47307", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T13:27:52.133Z", "datePublished": "2024-05-21T14:35:26.667Z", "dateUpdated": "2025-12-18T11:36:32.875Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-18T11:36:32.875Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL deref in cifs_compose_mount_options()\n\nThe optional @ref parameter might contain an NULL node_name, so\nprevent dereferencing it in cifs_compose_mount_options().\n\nAddresses-Coverity: 1476408 (\"Explicit null dereferenced\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cifs/cifs_dfs_ref.c"], "versions": [{"version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "f7d1fa65e74263d11f90ddd33b4d4cd905a93759", "status": "affected", "versionType": "git"}, {"version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "e58c162789becede894d3e94c0ce6695a2ef5796", "status": "affected", "versionType": "git"}, {"version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "ae3d181f4e912f51af7776ea165f199b16fc165d", "status": "affected", "versionType": "git"}, {"version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "03313d1c3a2f086bb60920607ab79ac8f8578306", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cifs/cifs_dfs_ref.c"], "versions": [{"version": "2.6.28", "status": "affected"}, {"version": "0", "lessThan": "2.6.28", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.135", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.53", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13.5", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.28", "versionEndExcluding": "5.4.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.28", "versionEndExcluding": "5.10.53"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.28", "versionEndExcluding": "5.13.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.28", "versionEndExcluding": "5.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759"}, {"url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796"}, {"url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d"}, {"url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306"}], "title": "cifs: prevent NULL deref in cifs_compose_mount_options()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T15:23:12.230114Z", "id": "CVE-2021-47307", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:23:18.690Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.503Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.503Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47307", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T15:23:12.230114Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:23:16.008Z"}}], "cna": {"title": "cifs: prevent NULL deref in cifs_compose_mount_options()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "f7d1fa65e74263d11f90ddd33b4d4cd905a93759", "versionType": "git"}, {"status": "affected", "version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "e58c162789becede894d3e94c0ce6695a2ef5796", "versionType": "git"}, {"status": "affected", "version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "ae3d181f4e912f51af7776ea165f199b16fc165d", "versionType": "git"}, {"status": "affected", "version": "2c55608f28444c3f33b10312881384c470ceed56", "lessThan": "03313d1c3a2f086bb60920607ab79ac8f8578306", "versionType": "git"}], "programFiles": ["fs/cifs/cifs_dfs_ref.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.28"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.28", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.135", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.53", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.13.5", "versionType": "semver", "lessThanOrEqual": "5.13.*"}, {"status": "unaffected", "version": "5.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/cifs/cifs_dfs_ref.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759"}, {"url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796"}, {"url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d"}, {"url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL deref in cifs_compose_mount_options()\n\nThe optional @ref parameter might contain an NULL node_name, so\nprevent dereferencing it in cifs_compose_mount_options().\n\nAddresses-Coverity: 1476408 (\"Explicit null dereferenced\")"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.135", "versionStartIncluding": "2.6.28"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.53", "versionStartIncluding": "2.6.28"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13.5", "versionStartIncluding": "2.6.28"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14", "versionStartIncluding": "2.6.28"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-18T11:36:32.875Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47307", "state": "PUBLISHED", "dateUpdated": "2025-12-18T11:36:32.875Z", "dateReserved": "2024-05-21T13:27:52.133Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:35:26.667Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A710000A-275C-4C73-8384-4FDF4204C682", "versionEndExcluding": "5.4.135", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08E2D438-D50E-43C5-AF10-D62FE49B5815", "versionEndExcluding": "5.10.53", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "808DF8D9-4913-4CC7-B91F-B4146556B7ED", "versionEndExcluding": "5.13.5", "versionStartIncluding": "5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL deref in cifs_compose_mount_options()\n\nThe optional @ref parameter might contain an NULL node_name, so\nprevent dereferencing it in cifs_compose_mount_options().\n\nAddresses-Coverity: 1476408 (\"Explicit null dereferenced\")"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminaci\u00f3n de desreferencias NULL en cifs_compose_mount_options() El par\u00e1metro @ref opcional puede contener un nombre de nodo NULL, por lo que se debe evitar eliminar la referencia a \u00e9l en cifs_compose_mount_options(). Direcciones-Cobertura: 1476408 (\"Nulo expl\u00edcito desreferenciado\")"}], "id": "CVE-2021-47307", "lastModified": "2024-12-26T18:44:19.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:18.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cifs: prevent NULL deref in cifs_compose_mount_options()", "id": "2282475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282475"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncifs: prevent NULL deref in cifs_compose_mount_options()\nThe optional @ref parameter might contain an NULL node_name, so\nprevent dereferencing it in cifs_compose_mount_options().\nAddresses-Coverity: 1476408 (\"Explicit null dereferenced\")", "A vulnerability was found in the Linux kernel's CIFS module, where the cifs_compose_mount_options() function can dereference a NULL pointer if it encounters a NULL node_name parameter. This issue could potentially lead to system crash or unexpected behavior due to the improper handling of null values."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47307", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47307\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47307\nhttps://lore.kernel.org/linux-cve-announce/2024052127-CVE-2021-47307-f8a6@gregkh/T"], "statement": "This vulnerability is rated as a moderate severity because the risk arises from the possibility of NULL pointer dereferencing, which can cause crashes or instability in the CIFS filesystem handling, it does not directly expose sensitive information or allow unauthorized access.", "threat_severity": "Moderate"}

{}