{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-46958"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
      "id": "GSD-2021-46958",
      "modified": "2024-02-28T06:03:57.728737Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-46958",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ef67963dac25",
                          "version_value": "a4794be7b00b"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.7"
                              },
                              {
                                "lessThan": "5.7",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.36",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.11.*",
                                "status": "unaffected",
                                "version": "5.11.20",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.3",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-1e70cc10feda"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "name": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "name": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          },
          {
            "name": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ],
        "id": "CVE-2021-46958",
        "lastModified": "2024-02-28T14:06:45.783",
        "metrics": {},
        "published": "2024-02-27T19:04:06.813",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0500 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0500 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-12T08:09:46.571+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0500",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033114",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46942",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46942"
    },
    {
      "cve": "CVE-2021-46943",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46943"
    },
    {
      "cve": "CVE-2021-46944",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46944"
    },
    {
      "cve": "CVE-2021-46945",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46945"
    },
    {
      "cve": "CVE-2021-46954",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46954"
    },
    {
      "cve": "CVE-2021-46955",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46955"
    },
    {
      "cve": "CVE-2021-46956",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46956"
    },
    {
      "cve": "CVE-2021-46957",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46957"
    },
    {
      "cve": "CVE-2021-46958",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46958"
    },
    {
      "cve": "CVE-2021-46960",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46960"
    },
    {
      "cve": "CVE-2021-46961",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46961"
    },
    {
      "cve": "CVE-2021-46962",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46962"
    },
    {
      "cve": "CVE-2021-46963",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46963"
    },
    {
      "cve": "CVE-2021-46964",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46964"
    },
    {
      "cve": "CVE-2021-46965",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46965"
    },
    {
      "cve": "CVE-2021-46966",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46966"
    },
    {
      "cve": "CVE-2021-46967",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46967"
    },
    {
      "cve": "CVE-2021-46968",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46968"
    },
    {
      "cve": "CVE-2021-46969",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46969"
    },
    {
      "cve": "CVE-2021-46970",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46970"
    },
    {
      "cve": "CVE-2021-46971",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46971"
    },
    {
      "cve": "CVE-2021-46972",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46972"
    },
    {
      "cve": "CVE-2021-46973",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46973"
    },
    {
      "cve": "CVE-2021-46974",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46974"
    },
    {
      "cve": "CVE-2021-46975",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-46975"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2021-46958"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:06Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
  "id": "GHSA-gmfg-g4f3-5fg9",
  "modified": "2024-02-27T21:31:27Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46958"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}