CVE-2021-47432 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.57.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2270	2025-03-05T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac
https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0
https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437
https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c
https://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47432
https://www.cve.org/CVERecord?id=CVE-2021-47432

History

Wed, 02 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-190
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 05 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat rhel Eus

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Thu, 31 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:30:36.904Z

Updated: 2024-12-19T07:41:52.257Z

Reserved: 2024-05-21T14:58:30.829Z

Link: CVE-2021-47432

Vulnrichment

Updated: 2024-08-04T05:39:59.326Z

NVD

Status : Analyzed

Published: 2024-05-21T16:15:12.007

Modified: 2025-04-02T14:51:30.763

Link: CVE-2021-47432

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47432 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47432", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.829Z", "datePublished": "2024-05-21T15:30:36.904Z", "dateUpdated": "2024-12-19T07:41:52.257Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:41:52.257Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/generic-radix-tree.h", "lib/generic-radix-tree.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "784d01f9bbc282abb0c5ade5beb98a87f50343ac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ec298b958cb0c40d70c68079da933c8f31c5134c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "aa7f1827953100cdde0795289a80c6c077bfe437", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9492261ff2460252cf2d8de89cdf854c7e2b28a0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/generic-radix-tree.h", "lib/generic-radix-tree.c"], "versions": [{"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"}, {"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"}, {"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"}, {"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"}], "title": "lib/generic-radix-tree.c: Don't overflow in peek()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-29T17:47:48.909736Z", "id": "CVE-2021-47432", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T15:31:57.716Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.326Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.326Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47432", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T17:47:48.909736Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T17:47:56.925Z"}}], "cna": {"title": "lib/generic-radix-tree.c: Don't overflow in peek()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "784d01f9bbc282abb0c5ade5beb98a87f50343ac", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ec298b958cb0c40d70c68079da933c8f31c5134c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "aa7f1827953100cdde0795289a80c6c077bfe437", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9492261ff2460252cf2d8de89cdf854c7e2b28a0", "versionType": "git"}], "programFiles": ["include/linux/generic-radix-tree.h", "lib/generic-radix-tree.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.64", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/generic-radix-tree.h", "lib/generic-radix-tree.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"}, {"url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"}, {"url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"}, {"url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:41:52.257Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47432", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:41:52.257Z", "dateReserved": "2024-05-21T14:58:30.829Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:30:36.904Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8093658-5835-493E-9047-EEC6269C0BB1", "versionEndExcluding": "6.1.64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4", "versionEndExcluding": "6.5.13", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos n\u00fameros de inodos en la mayor parte del espacio de inodos de 64 bits, eso activ\u00f3 algunas esquinas. errores de casos, en particular algunos desbordamientos de enteros relacionados con el c\u00f3digo del \u00e1rbol de base. Ups."}], "id": "CVE-2021-47432", "lastModified": "2025-04-02T14:51:30.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T16:15:12.007", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2025:2270", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.57.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-05T00:00:00Z"}], "bugzilla": {"description": "kernel: lib/generic-radix-tree.c: Don't overflow in peek()", "id": "2282366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282366"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlib/generic-radix-tree.c: Don't overflow in peek()\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."], "name": "CVE-2021-47432", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47432\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47432\nhttps://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object