cve-2021-47113
Vulnerability from cvelistv5
Published
2024-03-15 20:14
Modified
2024-11-04 11:59
Severity ?
EPSS score ?
Summary
btrfs: abort in rename_exchange if we fail to insert the second ref
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T15:16:26.695834Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:51.773Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0df50d47d174", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ff8de2cec65a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "dc09ef356272", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.43", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.10", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort in rename_exchange if we fail to insert the second ref\n\nError injection stress uncovered a problem where we\u0027d leave a dangling\ninode ref if we failed during a rename_exchange. This happens because\nwe insert the inode ref for one side of the rename, and then for the\nother side. If this second inode ref insert fails we\u0027ll leave the first\none dangling and leave a corrupt file system behind. Fix this by\naborting if we did the insert for the first inode ref." } ], "providerMetadata": { "dateUpdated": "2024-11-04T11:59:39.913Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932" }, { "url": "https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b" }, { "url": "https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5" } ], "title": "btrfs: abort in rename_exchange if we fail to insert the second ref", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47113", "datePublished": "2024-03-15T20:14:21.300Z", "dateReserved": "2024-03-04T18:12:48.836Z", "dateUpdated": "2024-11-04T11:59:39.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-47113\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-15T21:15:06.673\",\"lastModified\":\"2024-03-17T22:38:29.433\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: abort in rename_exchange if we fail to insert the second ref\\n\\nError injection stress uncovered a problem where we\u0027d leave a dangling\\ninode ref if we failed during a rename_exchange. This happens because\\nwe insert the inode ref for one side of the rename, and then for the\\nother side. If this second inode ref insert fails we\u0027ll leave the first\\none dangling and leave a corrupt file system behind. Fix this by\\naborting if we did the insert for the first inode ref.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: abortar en rename_exchange si no logramos insertar la segunda referencia. El error de inyecci\u00f3n de estr\u00e9s descubri\u00f3 un problema en el que dejar\u00edamos una referencia de inodo colgante si fall\u00e1bamos durante un rename_exchange. Esto sucede porque insertamos la referencia del inodo para un lado del cambio de nombre y luego para el otro lado. Si esta segunda inserci\u00f3n de referencia de inodo falla, dejaremos el primero colgando y dejaremos un sistema de archivos corrupto. Solucione este problema abortando si hicimos la inserci\u00f3n para la primera referencia de inodo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.