Public Date:
612028: CVE-2010-2521 kernel: nfsd4: bug in read_buf

The MITRE CVE dictionary describes this issue as:

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.

Find out more about CVE-2010-2521 from the MITRE CVE dictionary and NIST NVD.


This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as they did not include support for Network File System (NFS) version 4. Future updates in Red Hat Enterprise 4, 5, and Red Hat Enterprise MRG may address this flaw.

CVSS v2 metrics

Base Score              8.3
Base Metrics            AV:A/AC:L/Au:N/C:C/I:C/A:C
Access Vector           Adjacent Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  Complete
Integrity Impact        Complete
Availability Impact     Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                               Errata          Release Date
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel)  RHSA-2010:0893  2010-11-16
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel)  RHSA-2010:0907  2010-11-23
Red Hat Enterprise Linux 4 (kernel)                    RHSA-2010:0606  2010-08-05
Red Hat Enterprise Linux 5 (kernel)                    RHSA-2010:0610  2010-08-10
MRG Grid for RHEL 5 Server (kernel-rt)                 RHSA-2010:0631  2010-08-17

Last Modified

CVE description copyright © 2017, The MITRE Corporation

