Bug 2293227 (CVE-2021-47599)
| Summary: | CVE-2021-47599 kernel: btrfs: use latest_dev in btrfs_show_devname | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar, ymittal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.15.11, kernel 5.16 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the Linux kernel's btrfs filesystem related to device name display in the btrfs_show_devname function, where the issue occurs when the function attempts to access device names after btrfs_prepare_sprout() moves devices to the seed list, resulting in warnings due to the absence of found devices, which can lead to unreliable device information being presented, potentially affecting system operations that depend on accurate device names.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2293209 | ||
|
Description
Avinash Hanwate
2024-06-20 10:36:31 UTC
|