Western Digital has patched a critical vulnerability, tracked as CVE-2021-44142, that could have allowed attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
The vulnerability is an out-of-bounds heap read/write in Samba's vfs_fruit VFS module, triggered when smbd parses extended attribute (EA) metadata while opening a file. vfs_fruit is part of the Samba suite and provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP file server. Upstream Samba fixed the bug in releases 4.13.17, 4.14.12 and 4.15.5; every earlier version that loads the fruit module is affected.
The CVE-2021-44142 flaw affects the following devices:
- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX4100
- My Cloud EX2 Ultra
- My Cloud Mirror Gen 2
- My Cloud DL2100
- My Cloud DL4100
- My Cloud EX2100
- My Cloud
- WD Cloud
The flaw lies in the parsing of extended attribute metadata when a file is opened in smbd. Exploitation requires access as a user who has write access to a file's extended attributes, which can be a guest or unauthenticated user if such users are allowed to write file extended attributes. Per the Samba advisory, the affected behaviour is reachable in the module's default configuration (fruit:metadata = netatalk or fruit:resource = file); a share is only out of scope if both options are set to non-default values or the fruit module is not loaded at all.
Western Digital fixed the issue by removing the fruit VFS module from the list of configured VFS objects (the same workaround the Samba advisory recommends) and changing the extended attribute (EA) support configuration.
The flaw was fixed with the release of My Cloud OS 5 Firmware 5.21.104.
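The mitigation described above can be checked on any Samba host, not just a My Cloud device. The following Python script is an added example, not code from Western Digital or the Samba project: it parses an smb.conf, applies the Samba advisory's rule (a share is exposed when "fruit" is in its "vfs objects" list and fruit:metadata or fruit:resource is still at its default), rewrites the configuration to drop the fruit module the way the WD fix does, and compares a Samba version string against the fixed releases. The smb.conf text and the share names are constructed for the example; the parser only handles the simple key = value layout shown.

```python
"""Audit an smb.conf for shares exposed to CVE-2021-44142 (vfs_fruit EA parsing).

Added example, not vendor code. Exposure rule taken from the Samba advisory:
"fruit" loaded in "vfs objects" AND (fruit:metadata == netatalk OR
fruit:resource == file), both of which are the module's defaults.
"""
import re

# First release of each Samba branch that carries the fix.
FIXED_VERSIONS = {(4, 13): (4, 13, 17), (4, 14): (4, 14, 12), (4, 15): (4, 15, 5)}

# Constructed sample configuration (not taken from a real device).
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   ea support = yes

[Public]
   path = /shares/Public
   guest ok = yes
   vfs objects = catia fruit streams_xattr
   fruit:metadata = netatalk

[TimeMachine]
   path = /shares/TimeMachine
   vfs objects = fruit streams_xattr
   fruit:metadata = stream
   fruit:resource = xattr

[Plain]
   path = /shares/Plain
   vfs objects = streams_xattr
"""


def parse_smb_conf(text):
    """Minimal smb.conf parser: {section: {lowercased key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or comment line
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def effective_params(sections, name):
    """Share parameters with [global] values as fallback, as smbd applies them."""
    glob = next((s for n, s in sections.items() if n.lower() == "global"), {})
    return {**glob, **sections[name]}


def share_is_affected(params):
    objs = params.get("vfs objects", "").split()
    if "fruit" not in objs:
        return False
    metadata = params.get("fruit:metadata", "netatalk")  # module default
    resource = params.get("fruit:resource", "file")      # module default
    return metadata == "netatalk" or resource == "file"


def affected_shares(sections):
    return sorted(n for n in sections
                  if n.lower() != "global" and share_is_affected(effective_params(sections, n)))


def harden(sections):
    """Copy of the config with 'fruit' removed from every 'vfs objects' line
    and the now-unused fruit:* parameters dropped (the WD / Samba workaround)."""
    out = {}
    for name, share in sections.items():
        share = dict(share)
        if "vfs objects" in share:
            share["vfs objects"] = " ".join(o for o in share["vfs objects"].split() if o != "fruit")
            share = {k: v for k, v in share.items() if not k.startswith("fruit:")}
        out[name] = share
    return out


def samba_is_fixed(version):
    """True when a Samba version string such as '4.14.12' includes the fix."""
    parts = tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    fixed = FIXED_VERSIONS.get(parts[:2])
    if fixed is None:                  # branch not in the table
        return parts >= (4, 15, 5)     # older branches are unfixed, newer ones post-date the fix
    return parts >= fixed


if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE_SMB_CONF)
    print("exposed shares:", affected_shares(conf))
    print("after hardening:", affected_shares(harden(conf)))
    for v in ("4.13.16", "4.13.17", "4.15.4", "4.16.0"):
        print(v, "fixed" if samba_is_fixed(v) else "VULNERABLE")
```

On a live host, feed it the output of `testparm -s`, which prints the effective configuration with defaults resolved, rather than the raw file, and remember that removing the fruit module also removes the Apple interoperability it provided, so Time Machine shares may need to be re-validated after the change.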