Bug 1944298 (CVE-2021-3506)
Summary: | CVE-2021-3506 kernel: Out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, steved, tomckay, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.12.0-rc4 | Doc Type: | If docs needed, set a value |
Doc Text: |
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-20 10:46:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1944299 | ||
Bug Blocks: | 1944300, 1951187 |
Description
Pedro Sampaio
2021-03-29 17:46:04 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1944299] Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Statement: There was no shipped kernel version were seen affected with this problem. These files are not built in our source code. External References: https://www.openwall.com/lists/oss-security/2021/03/28/2 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3506 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3506 This was fixed for Fedora in the 5.11.20 stable kernel updates. |