CVE-2021-47221 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

mm/slub: actually fix freelist pointer vs redzoning

It turns out that SLUB redzoning ("slub_debug=Z") checks from
s->object_size rather than from s->inuse (which is normally bumped to
make room for the freelist pointer), so a cache created with an object
size less than 24 would have the freelist pointer written beyond
s->object_size, causing the redzone to be corrupted by the freelist
pointer. This was very visible with "slub_debug=ZF":

BUG test (Tainted: G B ): Right Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xffff957ead1c05de-0xffff957ead1c05df @offset=1502. First byte 0x1a instead of 0xbb
INFO: Slab 0xffffef3950b47000 objects=170 used=170 fp=0x0000000000000000 flags=0x8000000000000200
INFO: Object 0xffff957ead1c05d8 @offset=1496 fp=0xffff957ead1c0620

Redzone (____ptrval____): bb bb bb bb bb bb bb bb ........
Object (____ptrval____): 00 00 00 00 00 f6 f4 a5 ........
Redzone (____ptrval____): 40 1d e8 1a aa @....
Padding (____ptrval____): 00 00 00 00 00 00 00 00 ........

Adjust the offset to stay within s->object_size.

(Note that no caches of in this size range are known to exist in the
kernel currently.)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc6::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-0:4.18.0-477.10.1.el8_8	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:2951	2023-05-16T00:00:00Z

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/ce6e8bee7a3883e8008b30f5887dbb426aac6a35
https://git.kernel.org/stable/c/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e
https://git.kernel.org/stable/c/f6ed2357541612a13a5841b3af4dc32ed984a25f
https://lore.kernel.org/linux-cve-announce/2024052135-CVE-2021-47221-4e17@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47221
https://www.cve.org/CVERecord?id=CVE-2021-47221

History

Tue, 29 Apr 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-763
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:19:27.553Z

Updated: 2025-05-04T07:06:36.156Z

Reserved: 2024-04-10T18:59:19.529Z

Link: CVE-2021-47221

Vulnrichment

Updated: 2024-08-04T05:32:07.427Z

NVD

Status : Analyzed

Published: 2024-05-21T15:15:11.380

Modified: 2025-04-29T19:07:02.250

Link: CVE-2021-47221

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47221 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object