VDB

DEBIAN-CVE-2021-3178

DEBIAN-CVE-2021-3178 PUBLISHED CVSS 6.5 MEDIUM

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Debian:11linux0, 0, 0
Debian:12linux0, 0, 0
Debian:14linux0, 0, 0
Debian:13linux0, 0, 0

Timeline

  • Jan 19, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›