Unrated severityNVD Advisory· Published Feb 21, 2022· Updated Apr 23, 2025
CVE-2021-44142
CVE-2021-44142
Description
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
101- Range: <4.13.17, <4.14.12, <4.15.5
<4.13.17, <4.14.12, <4.15.5+ 1 more
- (no CPE)range: <4.13.17, <4.14.12, <4.15.5
- (no CPE)range: unspecified
- osv-coords98 versionspkg:rpm/almalinux/libsmbclient-develpkg:rpm/almalinux/libwbclient-develpkg:rpm/almalinux/samba-develpkg:rpm/almalinux/samba-vfs-iouringpkg:rpm/opensuse/apparmor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/krb5-mini&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ldb&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libapparmor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/sssd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/talloc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/talloc-man&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tdb&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tevent&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tevent-man&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/ldb&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libapparmor&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libapparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/samba&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/samba&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/samba&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/talloc-man&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tevent-man&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.14.5-9.el8_5+ 97 more
- (no CPE)range: < 4.14.5-9.el8_5
- (no CPE)range: < 4.14.5-9.el8_5
- (no CPE)range: < 4.14.5-9.el8_5
- (no CPE)range: < 4.14.5-9.el8_5
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.15.5+git.328.f1f29505d84-1.1
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.1
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.1
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 1_201403302107-15.3.3
- (no CPE)range: < 1_201403302107-15.3.3
- (no CPE)range: < 3.4.17-8.4.1
- (no CPE)range: < 3.4.17-8.4.1
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 2.2.2-4.6.1
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 3.1-21.3.2
- (no CPE)range: < 3.1-21.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.7.11+git.365.5e9f8cc5fa0-4.63.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.7.11+git.365.5e9f8cc5fa0-4.63.1
- (no CPE)range: < 4.7.11+git.365.5e9f8cc5fa0-4.63.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.4.2-38.48.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.7.11+git.365.5e9f8cc5fa0-4.63.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.7.11+git.365.5e9f8cc5fa0-4.63.1
- (no CPE)range: < 4.9.5+git.483.212a7ebca6b-3.64.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.11.14+git.319.91d693db37c-4.35.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 4.6.16+git.320.a2d80a7efef-3.70.1
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.1
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.1
- (no CPE)range: < 3.1.23-3.3.1
- (no CPE)range: < 3.1.23-3.3.1
Patches
Vulnerability mechanics
References
5- kb.cert.org/vuls/id/119678mitrethird-party-advisory
- security.gentoo.org/glsa/202309-06mitrevendor-advisory
- bugzilla.samba.org/show_bug.cgimitre
- www.samba.org/samba/security/CVE-2021-44142.htmlmitre
- www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austinmitre
News mentions
0No linked articles in our index yet.