CVE-2021-47254 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595
https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4
https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2
https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4
https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d
https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a
https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c
https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553
https://nvd.nist.gov/vuln/detail/CVE-2021-47254
https://www.cve.org/CVERecord?id=CVE-2021-47254

History

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:19:49.475Z

Updated: 2024-11-04T12:02:22.956Z

Reserved: 2024-04-10T18:59:19.539Z

Link: CVE-2021-47254

Vulnrichment

Updated: 2024-08-04T05:32:07.867Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:14.233

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47254

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47254 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47254", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.539Z", "datePublished": "2024-05-21T14:19:49.475Z", "dateUpdated": "2024-11-04T12:02:22.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:02:22.956Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix use-after-free in gfs2_glock_shrink_scan\n\nThe GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to\nremove the glock from the lru list in __gfs2_glock_put().\n\nOn the shrink scan path, the same flag is cleared under lru_lock but because\nof cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the\nput side can be made without deleting the glock from the lru list.\n\nKeep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to\nensure correct behavior on both sides - clear GLF_LRU after list_del under\nlru_lock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/gfs2/glock.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "38ce32953450", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "92869945cc5b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0364742decb0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "094bf5670e76", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "86fd5b27db74", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a61156314b66", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e87ef30fe73e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1ab19c5de4c5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/gfs2/glock.c"], "versions": [{"version": "4.4.274", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.127", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.45", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.12", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4"}, {"url": "https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a"}, {"url": "https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595"}, {"url": "https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4"}, {"url": "https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d"}, {"url": "https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c"}, {"url": "https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553"}, {"url": "https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2"}], "title": "gfs2: Fix use-after-free in gfs2_glock_shrink_scan", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:37:55.520472Z", "id": "CVE-2021-47254", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:42.605Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.867Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.867Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47254", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:37:55.520472Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:37:56.479Z"}}], "cna": {"title": "gfs2: Fix use-after-free in gfs2_glock_shrink_scan", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "38ce32953450", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "92869945cc5b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0364742decb0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "094bf5670e76", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "86fd5b27db74", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a61156314b66", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e87ef30fe73e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1ab19c5de4c5", "versionType": "git"}], "programFiles": ["fs/gfs2/glock.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.4.274", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.127", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.45", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.12", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/gfs2/glock.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4"}, {"url": "https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a"}, {"url": "https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595"}, {"url": "https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4"}, {"url": "https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d"}, {"url": "https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c"}, {"url": "https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553"}, {"url": "https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix use-after-free in gfs2_glock_shrink_scan\n\nThe GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to\nremove the glock from the lru list in __gfs2_glock_put().\n\nOn the shrink scan path, the same flag is cleared under lru_lock but because\nof cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the\nput side can be made without deleting the glock from the lru list.\n\nKeep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to\nensure correct behavior on both sides - clear GLF_LRU after list_del under\nlru_lock."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:02:22.956Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47254", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:02:22.956Z", "dateReserved": "2024-04-10T18:59:19.539Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:49.475Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix use-after-free in gfs2_glock_shrink_scan\n\nThe GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to\nremove the glock from the lru list in __gfs2_glock_put().\n\nOn the shrink scan path, the same flag is cleared under lru_lock but because\nof cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the\nput side can be made without deleting the glock from the lru list.\n\nKeep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to\nensure correct behavior on both sides - clear GLF_LRU after list_del under\nlru_lock."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: corrige use-after-free en gfs2_glock_shrink_scan. El indicador GLF_LRU se marca en lru_lock en gfs2_glock_remove_from_lru() para eliminar el glock de la lista lru en __gfs2_glock_put(). En la ruta de escaneo de reducci\u00f3n, la misma bandera se borra en lru_lock pero debido a cond_resched_lock(&lru_lock) en gfs2_dispose_glock_lru(), se puede avanzar en el lado de venta sin eliminar la glock de la lista de lru. Mantenga GLF_LRU en la ventana de ejecuci\u00f3n abierta por cond_resched_lock(&lru_lock) para garantizar un comportamiento correcto en ambos lados; borre GLF_LRU despu\u00e9s de list_del en lru_lock."}], "id": "CVE-2021-47254", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:14.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: gfs2: Fix use-after-free in gfs2_glock_shrink_scan", "id": "2282556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282556"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ngfs2: Fix use-after-free in gfs2_glock_shrink_scan\nThe GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to\nremove the glock from the lru list in __gfs2_glock_put().\nOn the shrink scan path, the same flag is cleared under lru_lock but because\nof cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the\nput side can be made without deleting the glock from the lru list.\nKeep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to\nensure correct behavior on both sides - clear GLF_LRU after list_del under\nlru_lock.", "A vulnerability was found in Linux kernel's GFS2 file system, in the gfs2_glock_shrink_scan function, causing a use-after-free issue. This problem occurs when a lock object is incorrectly handled, potentially leading to memory corruption"], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47254", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47254\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47254"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.274, kernel 4.9.274, kernel 4.14.238, kernel 4.19.196, kernel 5.4.127, kernel 5.10.45, kernel 5.12.12, kernel 5.13"}