cve-2021-47458
Vulnerability from cvelistv5
Published
2024-05-22 06:19
Modified
2024-11-04 12:06
Severity ?
Summary
ocfs2: mount fails with buffer overflow in strlen
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47458",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T18:55:25.437565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T18:55:34.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ac011cb3ff7a",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "4b74ddcc22ee",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "232ed9752510",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7623b1035ca2",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "d3a83576378b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "93be0eeea14c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "0e677ea5b739",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "b15fa9224e6e",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.288",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: mount fails with buffer overflow in strlen\n\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below.  Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated.  This causes a read outside of the source string\ntriggering the buffer overflow detection.\n\n  detected buffer overflow in strlen\n  ------------[ cut here ]------------\n  kernel BUG at lib/string.c:1149!\n  invalid opcode: 0000 [#1] SMP PTI\n  CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\n    Debian 5.14.6-2\n  RIP: 0010:fortify_panic+0xf/0x11\n  ...\n  Call Trace:\n   ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\n   ocfs2_fill_super+0x359/0x19b0 [ocfs2]\n   mount_bdev+0x185/0x1b0\n   legacy_get_tree+0x27/0x40\n   vfs_get_tree+0x25/0xb0\n   path_mount+0x454/0xa20\n   __x64_sys_mount+0x103/0x140\n   do_syscall_64+0x3b/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:06:20.223Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e"
        },
        {
          "url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498"
        },
        {
          "url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c"
        },
        {
          "url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc"
        }
      ],
      "title": "ocfs2: mount fails with buffer overflow in strlen",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47458",
    "datePublished": "2024-05-22T06:19:46.675Z",
    "dateReserved": "2024-05-21T14:58:30.833Z",
    "dateUpdated": "2024-11-04T12:06:20.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47458\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-22T07:15:10.780\",\"lastModified\":\"2024-05-22T12:46:53.887\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nocfs2: mount fails with buffer overflow in strlen\\n\\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\\ntrace below.  Problem seems to be that strings for cluster stack and\\ncluster name are not guaranteed to be null terminated in the disk\\nrepresentation, while strlcpy assumes that the source string is always\\nnull terminated.  This causes a read outside of the source string\\ntriggering the buffer overflow detection.\\n\\n  detected buffer overflow in strlen\\n  ------------[ cut here ]------------\\n  kernel BUG at lib/string.c:1149!\\n  invalid opcode: 0000 [#1] SMP PTI\\n  CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\\n    Debian 5.14.6-2\\n  RIP: 0010:fortify_panic+0xf/0x11\\n  ...\\n  Call Trace:\\n   ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\\n   ocfs2_fill_super+0x359/0x19b0 [ocfs2]\\n   mount_bdev+0x185/0x1b0\\n   legacy_get_tree+0x27/0x40\\n   vfs_get_tree+0x25/0xb0\\n   path_mount+0x454/0xa20\\n   __x64_sys_mount+0x103/0x140\\n   do_syscall_64+0x3b/0xc0\\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ocfs2: el montaje falla con desbordamiento del b\u00fafer en strlen. A partir del kernel 5.11 compilado con CONFIG_FORTIFY_SOURCE, la conexi\u00f3n de un sistema de archivos ocfs2 con una pila de cl\u00faster o2cb o pcmk falla con el siguiente seguimiento. El problema parece ser que no se garantiza que las cadenas para la pila del cl\u00faster y el nombre del cl\u00faster tengan terminaci\u00f3n nula en la representaci\u00f3n del disco, mientras que strlcpy supone que la cadena de origen siempre termina en nulo. Esto provoca una lectura fuera de la cadena de origen que activa la detecci\u00f3n de desbordamiento del b\u00fafer. se detect\u00f3 desbordamiento del b\u00fafer en strlen ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en lib/string.c:1149! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] SMP PTI CPU: 1 PID: 910 Comm: mount.ocfs2 No contaminado 5.14.0-1-amd64 #1 Debian 5.14.6-2 RIP: 0010:fortify_panic+0xf/0x11... Seguimiento de llamadas: ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2] ocfs2_fill_super+0x359/0x19b0 [ocfs2] mount_bdev+0x185/0x1b0 Legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 xa20 __x64_sys_mount+0x103/0x140 do_syscall_64+0x3b/0xc0 entrada_SYSCALL_64_after_hwframe+0x44/0xae\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.