Bug 2261976 (CVE-2021-33631) - CVE-2021-33631 kernel: ext4: kernel bug in ext4_write_inline_data_end() [NEEDINFO]
Summary: CVE-2021-33631 kernel: ext4: kernel bug in ext4_write_inline_data_end()
Keywords:
Status: NEW
Alias: CVE-2021-33631
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2261978
TreeView+ depends on / blocked
 
Reported: 2024-01-30 17:22 UTC by Mauro Matteo Cascella
Modified: 2024-06-10 11:47 UTC (History)
53 users (show)

Fixed In Version: kernel 6.2-rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0.
Clone Of:
Environment:
Last Closed:
Embargoed:
vinair: needinfo? (kgrant)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:1699 0 None None None 2024-04-08 14:54:19 UTC
Red Hat Product Errata RHSA-2024:1607 0 None None None 2024-04-02 15:55:49 UTC
Red Hat Product Errata RHSA-2024:1614 0 None None None 2024-04-02 17:21:57 UTC
Red Hat Product Errata RHSA-2024:1653 0 None None None 2024-04-03 00:30:58 UTC
Red Hat Product Errata RHSA-2024:1836 0 None None None 2024-04-16 15:03:57 UTC
Red Hat Product Errata RHSA-2024:1840 0 None None None 2024-04-16 14:53:48 UTC
Red Hat Product Errata RHSA-2024:2621 0 None None None 2024-04-30 16:59:43 UTC

Description Mauro Matteo Cascella 2024-01-30 17:22:31 UTC
NVD description:
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

Upstream commit:
https://github.com/torvalds/linux/commit/5c099c4fdc438014d5893629e70a8ba934433ee8

References:
https://www.openwall.com/lists/oss-security/2024/01/30/3
https://nvd.nist.gov/vuln/detail/CVE-2021-33631

Comment 3 Mauro Matteo Cascella 2024-01-31 10:16:00 UTC
This CVE was fixed upstream in kernel version 6.2. The kernel packages as shipped in Red Hat Enterprise Linux 9 were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 9
https://access.redhat.com/errata/RHSA-2023:2458

kernel-rt in Red Hat Enterprise Linux 9
https://access.redhat.com/errata/RHSA-2023:2148

Comment 7 errata-xmlrpc 2024-04-02 15:55:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1607 https://access.redhat.com/errata/RHSA-2024:1607

Comment 8 errata-xmlrpc 2024-04-02 17:21:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1614 https://access.redhat.com/errata/RHSA-2024:1614

Comment 9 errata-xmlrpc 2024-04-03 00:30:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1653 https://access.redhat.com/errata/RHSA-2024:1653

Comment 11 errata-xmlrpc 2024-04-16 14:53:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1840 https://access.redhat.com/errata/RHSA-2024:1840

Comment 12 errata-xmlrpc 2024-04-16 15:03:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1836 https://access.redhat.com/errata/RHSA-2024:1836

Comment 15 errata-xmlrpc 2024-04-30 16:59:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2621 https://access.redhat.com/errata/RHSA-2024:2621


Note You need to log in before you can comment on or make changes to this bug.