CVE-2021-38199
Public on 2021-08-08
Modified on 2022-03-07
Description
A flaw was found in the hanging of mounts in the Linux kernel's NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another (during trunking detection). This flaw allows a remote NFS4 server (if the client is connected) to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2022-03-07 | ALAS-2022-1571 | Fixed |
| Amazon Linux 2 - Core | kernel | 2022-03-07 | ALAS2-2022-1761 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.10-2022-004 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.4-2022-006 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 3.3 | AV:A/AC:L/Au:N/C:N/I:N/A:P |
| NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |