Bug 1181162 - (CVE-2021-3178) VUL-0: DISPUTED: CVE-2021-3178: kernel-source-rt,kernel-source,kernel-source-azure: when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse other parts (fs/nfsd/nfs3xdr.c)
VUL-0: DISPUTED: CVE-2021-3178: kernel-source-rt,kernel-source,kernel-source-...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2021-01-20 10:24 UTC by Robert Frohl
Modified: 2021-03-02 15:22 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-01-20 10:24:39 UTC

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there
is an NFS export of a subdirectory of a filesystem, allows remote attackers to
traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties
argue that such a subdirectory export is not intended to prevent this attack;
see also the exports(5) no_subtree_check default behavior.

Comment 1 Robert Frohl 2021-01-20 10:24:56 UTC
opening this so that we have a record
Comment 3 Takashi Iwai 2021-01-21 11:40:27 UTC
Neil, could you check?
Comment 4 Neil Brown 2021-01-21 22:05:14 UTC
I agree that this disputed ... or to put it bluntly: completely misguided.

There is no vulnerability.  The export of subdirectories is documented as providing access to the entire filesystem unless "subtree_check" is specified, and that can cause other problems.

Further, the identified patch make no change to access at all.  Anything that could be accessed before the patch can equally be accessed after the patch.  The information that it exposes is easily discovered by other paths.

The patch itself is appropriate but of almost zero significance.  I would not backport it to stable kernels myself, but I don't strongly object to doing so.
Comment 5 Takashi Iwai 2021-01-25 14:34:23 UTC
Reassigned back to security team.
Comment 6 Robert Frohl 2021-03-02 15:22:41 UTC