cvelistv5 - cve-2021-46958

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

ghsa-gmfg-g4f3-5fg9

Vulnerability from github

Published

2024-02-27 21:31

Modified

2024-02-27 21:31

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between transaction aborts and fsyncs leading to use-after-free

There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following:

BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5) BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 BTRFS error (device dm-0): error writing primary super block to device 1 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10 BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers) BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x139/0xa40 Code: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002 RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 Code: 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...) ---[ end trace ee2f1b19327d791d ]---

The steps that lead to this crash are the following:

1) We are at transaction N;

2) We have two tasks with a transaction handle attached to transaction N. Task A and Task B. Task B is doing an fsync;

3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree into a local variable named 'log_root_tree' at the top of btrfs_sync_log(). Task B is about to call write_all_supers(), but before that...

4) Task A calls btrfs_commit_transaction(), and after it sets the transaction state to TRANS_STATE_COMMIT_START, an error happens before it w ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-46958"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:06Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
  "id": "GHSA-gmfg-g4f3-5fg9",
  "modified": "2024-02-27T21:31:27Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46958"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2021-46958

Vulnerability from gsd

Modified

2024-02-28 06:03

Details

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following: BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5) BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 BTRFS error (device dm-0): error writing primary super block to device 1 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10 BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers) BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x139/0xa40 Code: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002 RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 Code: 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- The steps that lead to this crash are the following: 1) We are at transaction N; 2) We have two tasks with a transaction handle attached to transaction N. Task A and Task B. Task B is doing an fsync; 3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree into a local variable named 'log_root_tree' at the top of btrfs_sync_log(). Task B is about to call write_all_supers(), but before that... 4) Task A calls btrfs_commit_transaction(), and after it sets the transaction state to TRANS_STATE_COMMIT_START, an error happens before it w ---truncated---

Aliases

CVE-2021-46958

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-46958"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
      "id": "GSD-2021-46958",
      "modified": "2024-02-28T06:03:57.728737Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-46958",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ef67963dac25",
                          "version_value": "a4794be7b00b"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.7"
                              },
                              {
                                "lessThan": "5.7",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.36",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.11.*",
                                "status": "unaffected",
                                "version": "5.11.20",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.3",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-1e70cc10feda"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "name": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "name": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          },
          {
            "name": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ],
        "id": "CVE-2021-46958",
        "lastModified": "2024-02-28T14:06:45.783",
        "metrics": {},
        "published": "2024-02-27T19:04:06.813",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

wid-sec-w-2024-0500

Vulnerability from csaf_certbund

Published

2024-02-27 23:00

Modified

2024-06-11 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0500 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0500 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-12T08:09:46.571+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0500",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033114",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46942",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46942"
    },
    {
      "cve": "CVE-2021-46943",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46943"
    },
    {
      "cve": "CVE-2021-46944",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46944"
    },
    {
      "cve": "CVE-2021-46945",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46945"
    },
    {
      "cve": "CVE-2021-46954",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46954"
    },
    {
      "cve": "CVE-2021-46955",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46955"
    },
    {
      "cve": "CVE-2021-46956",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46956"
    },
    {
      "cve": "CVE-2021-46957",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46957"
    },
    {
      "cve": "CVE-2021-46958",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46958"
    },
    {
      "cve": "CVE-2021-46960",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46960"
    },
    {
      "cve": "CVE-2021-46961",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46961"
    },
    {
      "cve": "CVE-2021-46962",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46962"
    },
    {
      "cve": "CVE-2021-46963",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46963"
    },
    {
      "cve": "CVE-2021-46964",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46964"
    },
    {
      "cve": "CVE-2021-46965",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46965"
    },
    {
      "cve": "CVE-2021-46966",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46966"
    },
    {
      "cve": "CVE-2021-46967",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46967"
    },
    {
      "cve": "CVE-2021-46968",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46968"
    },
    {
      "cve": "CVE-2021-46969",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46969"
    },
    {
      "cve": "CVE-2021-46970",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46970"
    },
    {
      "cve": "CVE-2021-46971",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46971"
    },
    {
      "cve": "CVE-2021-46972",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46972"
    },
    {
      "cve": "CVE-2021-46973",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46973"
    },
    {
      "cve": "CVE-2021-46974",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46974"
    },
    {
      "cve": "CVE-2021-46975",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46975"
    }
  ]
}

cve-2021-46958

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2021-46958

Vulnerability from cvelistv5

ghsa-gmfg-g4f3-5fg9

Vulnerability from github

gsd-2021-46958

Vulnerability from gsd

wid-sec-w-2024-0500

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature