Bug 2026485 (CVE-2021-4149) - CVE-2021-4149 kernel: Improper lock operation in btrfs
Summary: CVE-2021-4149 kernel: Improper lock operation in btrfs
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2021-4149
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2026492 2034664
TreeView+ depends on / blocked
 
Reported: 2021-11-24 20:03 UTC by Pedro Sampaio
Modified: 2022-03-23 13:31 UTC (History)
43 users (show)

Fixed In Version: kernel 5.15 rc6
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
Clone Of:
Environment:
Last Closed: 2022-01-18 07:31:13 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2021-11-24 20:03:02 UTC
In the Linux kernel before 5.14, an improper lock operation in btrfs allows users to crash the kernel or deadlock the system. The btrfs is returning to userspace when the lock is still held. In btrfs_alloc_tree_block(), after btrfs_init_new_buffer(), the new extent buffer @buf is locked, but if later operations like adding delayed tree ref fail, the kernel just free @buf without unlocking it, resulting in the deadlock.

References:

https://lkml.org/lkml/2021/10/18/885
https://lkml.org/lkml/2021/9/13/2565

Comment 8 Product Security DevOps Team 2022-01-18 07:31:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4149


Note You need to log in before you can comment on or make changes to this bug.