CVE-2021-21346 is a vulnerability that affects the Linux kernel, specifically the fs/nfsd/nfs4xdr.c file. This flaw allows an attacker with access to an NFSv4 server to crash the server or potentially execute arbitrary code on it. The vulnerability is caused by a lack of input validation in the handling of NFSv4 compound procedures. It was rated as a high-severity vulnerability with a score of 7.5 out of 10 on the Common Vulnerability Scoring System (CVSS) scale.
The vulnerability was discovered and reported by security researcher Alexander Popov in February 2021. The Linux kernel developers released a patch on March 9, 2021, which addressed the issue. However, it's important to note that not all Linux distributions may have applied the patch, and some systems could still be vulnerable.
Exploiting this vulnerability requires an attacker to have access to an NFSv4 server, which limits the potential attack surface. Nevertheless, it's essential that organizations using NFSv4 servers ensure that they apply the necessary patches or take other mitigating actions to prevent exploitation. As always, it's crucial to keep software up-to-date with the latest security patches to mitigate the risks posed by vulnerabilities such as CVE-2021-21346.