{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47351", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.985Z", "datePublished": "2024-05-21T14:35:55.806Z", "dateUpdated": "2024-08-04T05:32:08.560Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:27.719Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ubifs/super.c", "fs/ubifs/ubifs.h", "fs/ubifs/xattr.c"], "versions": [{"version": "1e51764a3c2a", "lessThan": "7adc05b73d91", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "38dde03eb239", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "9558612cb829", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "c0756f75c221", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "f4e3634a3b64", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ubifs/super.c", "fs/ubifs/ubifs.h", "fs/ubifs/xattr.c"], "versions": [{"version": "2.6.27", "status": "affected"}, {"version": "0", "lessThan": "2.6.27", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.133", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"}, {"url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"}, {"url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"}, {"url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"}, {"url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"}], "title": "ubifs: Fix races between xattr_{set|get} and listxattr operations", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T19:01:36.389057Z", "id": "CVE-2021-47351", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T19:01:45.807Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.560Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47351", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.985Z", "datePublished": "2024-05-21T14:35:55.806Z", "dateUpdated": "2024-06-11T19:01:45.807Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:27.719Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ubifs/super.c", "fs/ubifs/ubifs.h", "fs/ubifs/xattr.c"], "versions": [{"version": "1e51764a3c2a", "lessThan": "7adc05b73d91", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "38dde03eb239", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "9558612cb829", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "c0756f75c221", "status": "affected", "versionType": "git"}, {"version": "1e51764a3c2a", "lessThan": "f4e3634a3b64", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ubifs/super.c", "fs/ubifs/ubifs.h", "fs/ubifs/xattr.c"], "versions": [{"version": "2.6.27", "status": "affected"}, {"version": "0", "lessThan": "2.6.27", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.133", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"}, {"url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"}, {"url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"}, {"url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"}, {"url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"}], "title": "ubifs: Fix races between xattr_{set|get} and listxattr operations", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T19:01:36.389057Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T19:01:42.497Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: corrige ejecuci\u00f3ns entre las operaciones xattr_{set|get} y listxattr. UBIFS puede producir algunos problemas con las operaciones xattr_{set|get} y listxattr simult\u00e1neas, como fallas de aserci\u00f3n y corrupci\u00f3n de memoria. , valor xattr obsoleto [1]. Soluc\u00f3nelo importando un nuevo rw-lock en @ubifs_inode para serializar las operaciones de escritura en xattr, las operaciones de lectura simult\u00e1neas siguen siendo efectivas, al igual que ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"}], "id": "CVE-2021-47351", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:21.553", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ubifs: Fix races between xattr_{set|get} and listxattr operations", "id": "2282402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282402"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nubifs: Fix races between xattr_{set|get} and listxattr operations\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com", "A vulnerability was found in the Linux kernel's UBIFS file system, where concurrent operations to set or get extended attributes (xattrs) and list xattrs could lead to assertion failures or memory corruption. This problem arises because the system does not properly handle simultaneous read and write requests, potentially causing stale xattr values or other inconsistencies."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47351", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47351\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47351\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.133, kernel 5.10.51, kernel 5.12.18, kernel 5.13.3, kernel 5.14"}