Bug 2282402 (CVE-2021-47351)
| Summary: | CVE-2021-47351 kernel: ubifs: Fix races between xattr_{set|get} and listxattr operations | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | ybuenos |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, scweaver, sidakwo, sukulkar, tglozar, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.4.133, kernel 5.10.51, kernel 5.12.18, kernel 5.13.3, kernel 5.14 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the Linux kernel's UBIFS file system, where concurrent operations to set or get extended attributes (xattrs) and list xattrs could lead to assertion failures or memory corruption. This problem arises because the system does not properly handle simultaneous read and write requests, potentially causing stale xattr values or other inconsistencies.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2282498 | ||
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2021-47351 is: SKIP No affected files built, so skip this CVE NO - - unknown (where first YES/NO value means if related sources built). |
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations The Linux kernel CVE team has assigned CVE-2021-47351 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/T