High severity7.1NVD Advisory· Published Feb 18, 2022· Updated May 12, 2026

CVE-2021-4090

Description

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.

Affected products

Linux/Kernel3 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <5.16
- cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
NetApp/H300e Firmware
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
NetApp/H300s Firmware
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
NetApp/H410c Firmware
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
NetApp/H410s Firmware
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
NetApp/H500e Firmware
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
NetApp/H500s Firmware
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
NetApp/H700e Firmware
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
NetApp/H700s Firmware
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Linux/Linux kerneldescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
security.netapp.com/advisory/ntap-20220318-0010/nvdThird Party Advisory
cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit%40klimt.1015granger.net/nvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000