cve-2021-47066
Vulnerability from cvelistv5
Published
2024-02-29 22:37
Modified
2024-11-04 11:58
Severity ?
Summary
async_xor: increase src_offs when dropping destination page
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47066",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T15:52:02.729443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:15:26.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/async_tx/async_xor.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cab2e8e5997b",
              "status": "affected",
              "version": "29bcff787a25",
              "versionType": "git"
            },
            {
              "lessThan": "29ffa50f33de",
              "status": "affected",
              "version": "29bcff787a25",
              "versionType": "git"
            },
            {
              "lessThan": "53f8208e11ab",
              "status": "affected",
              "version": "29bcff787a25",
              "versionType": "git"
            },
            {
              "lessThan": "ceaf2966ab08",
              "status": "affected",
              "version": "29bcff787a25",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/async_tx/async_xor.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nasync_xor: increase src_offs when dropping destination page\n\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\nsupport this, it needs to support calculating xor value with different\noffsets for each r5dev. One offset array is used to record those offsets.\n\nIn RMW mode, parity page is used as a source page. It sets\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\nSo it needs to add src_list and src_offs at the same time. Now it only\nneeds src_list. So the xor value which is calculated is wrong. It can\ncause data corruption problem.\n\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\n\n  mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\n  mkfs.xfs /dev/md0\n  mount /dev/md0 /mnt/test\n  mount: /mnt/test: mount(2) system call failed: Structure needs cleaning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:58:46.581Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174"
        },
        {
          "url": "https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af"
        },
        {
          "url": "https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18"
        },
        {
          "url": "https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8"
        }
      ],
      "title": "async_xor: increase src_offs when dropping destination page",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47066",
    "datePublished": "2024-02-29T22:37:39.917Z",
    "dateReserved": "2024-02-29T22:33:44.296Z",
    "dateUpdated": "2024-11-04T11:58:46.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47066\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-29T23:15:08.057\",\"lastModified\":\"2024-03-01T14:04:26.010\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nasync_xor: increase src_offs when dropping destination page\\n\\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\\nsupport this, it needs to support calculating xor value with different\\noffsets for each r5dev. One offset array is used to record those offsets.\\n\\nIn RMW mode, parity page is used as a source page. It sets\\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\\nSo it needs to add src_list and src_offs at the same time. Now it only\\nneeds src_list. So the xor value which is calculated is wrong. It can\\ncause data corruption problem.\\n\\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\\n\\n  mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\\n  mkfs.xfs /dev/md0\\n  mount /dev/md0 /mnt/test\\n  mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: async_xor: aumenta src_offs al eliminar la p\u00e1gina de destino. Ahora admitimos compartir una p\u00e1gina si PAGE_SIZE no tiene el mismo tama\u00f1o de banda. Para respaldar esto, debe admitir el c\u00e1lculo del valor xor con diferentes compensaciones para cada r5dev. Se utiliza una matriz de desplazamiento para registrar esos desplazamientos. En el modo RMW, la p\u00e1gina de paridad se utiliza como p\u00e1gina de origen. Establece ASYNC_TX_XOR_DROP_DST antes de calcular el valor xor en ops_run_prexor5. Por lo tanto, es necesario agregar src_list y src_offs al mismo tiempo. Ahora s\u00f3lo necesita src_list. Entonces el valor xor que se calcula es incorrecto. Puede causar problemas de corrupci\u00f3n de datos. Puedo reproducir este problema al 100% en una m\u00e1quina POWER8. Los pasos son: mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G mkfs.xfs /dev/md0 mount /dev/md0 /mnt/test mount: /mnt/test: la llamada al sistema mount(2) fall\u00f3: la estructura necesita limpieza.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.