CVE-2021-38199: 
Linux Kernel vulnerability analysis and mitigation

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. The vulnerability was discovered by Michael Wakabayashi and assigned CVE-2021-38199 (NVD).

The vulnerability stems from incorrect connection setup ordering in the NFSv4 client implementation. The issue occurs during the trunking detection phase of establishing connections to NFSv4 servers. The vulnerability has a CVSS v3.1 Base Score of 6.5 MEDIUM with vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability allows remote NFSv4 server operators to cause a denial of service condition by making their servers unreachable during the trunking detection phase. This results in hanging of mounts on the client system (NetApp Security).

The vulnerability was fixed in Linux kernel version 5.13.4. Users should upgrade their kernel to version 5.13.4 or later. Multiple Linux distributions have released security updates to address this vulnerability, including Debian with versions 5.10.46-5 for Debian 11 and 4.19.208-1 for Debian 9 (Debian Security).