{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47458", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.833Z", "datePublished": "2024-05-22T06:19:46.675Z", "dateUpdated": "2024-11-04T12:06:20.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:06:20.223Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: mount fails with buffer overflow in strlen\n\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below. Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated. This causes a read outside of the source string\ntriggering the buffer overflow detection.\n\n detected buffer overflow in strlen\n ------------[ cut here ]------------\n kernel BUG at lib/string.c:1149!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\n Debian 5.14.6-2\n RIP: 0010:fortify_panic+0xf/0x11\n ...\n Call Trace:\n ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\n ocfs2_fill_super+0x359/0x19b0 [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x454/0xa20\n __x64_sys_mount+0x103/0x140\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ocfs2/super.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "ac011cb3ff7a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4b74ddcc22ee", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "232ed9752510", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7623b1035ca2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d3a83576378b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "93be0eeea14c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0e677ea5b739", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b15fa9224e6e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ocfs2/super.c"], "versions": [{"version": "4.4.290", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.288", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.253", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.214", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.156", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.76", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.15", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb"}, {"url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e"}, {"url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498"}, {"url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1"}, {"url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c"}, {"url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad"}, {"url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f"}, {"url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc"}], "title": "ocfs2: mount fails with buffer overflow in strlen", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T18:55:25.437565Z", "id": "CVE-2021-47458", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:55:34.667Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.133Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.133Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47458", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T18:55:25.437565Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:55:31.951Z"}}], "cna": {"title": "ocfs2: mount fails with buffer overflow in strlen", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "ac011cb3ff7a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4b74ddcc22ee", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "232ed9752510", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7623b1035ca2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d3a83576378b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "93be0eeea14c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0e677ea5b739", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b15fa9224e6e", "versionType": "git"}], "programFiles": ["fs/ocfs2/super.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.4.290", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.288", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.253", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.214", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.156", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.76", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.15", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ocfs2/super.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb"}, {"url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e"}, {"url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498"}, {"url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1"}, {"url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c"}, {"url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad"}, {"url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f"}, {"url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: mount fails with buffer overflow in strlen\n\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below. Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated. This causes a read outside of the source string\ntriggering the buffer overflow detection.\n\n detected buffer overflow in strlen\n ------------[ cut here ]------------\n kernel BUG at lib/string.c:1149!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\n Debian 5.14.6-2\n RIP: 0010:fortify_panic+0xf/0x11\n ...\n Call Trace:\n ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\n ocfs2_fill_super+0x359/0x19b0 [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x454/0xa20\n __x64_sys_mount+0x103/0x140\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:06:20.223Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47458", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:06:20.223Z", "dateReserved": "2024-05-21T14:58:30.833Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-22T06:19:46.675Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: mount fails with buffer overflow in strlen\n\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below. Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated. This causes a read outside of the source string\ntriggering the buffer overflow detection.\n\n detected buffer overflow in strlen\n ------------[ cut here ]------------\n kernel BUG at lib/string.c:1149!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\n Debian 5.14.6-2\n RIP: 0010:fortify_panic+0xf/0x11\n ...\n Call Trace:\n ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\n ocfs2_fill_super+0x359/0x19b0 [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x454/0xa20\n __x64_sys_mount+0x103/0x140\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ocfs2: el montaje falla con desbordamiento del b\u00fafer en strlen. A partir del kernel 5.11 compilado con CONFIG_FORTIFY_SOURCE, la conexi\u00f3n de un sistema de archivos ocfs2 con una pila de cl\u00faster o2cb o pcmk falla con el siguiente seguimiento. El problema parece ser que no se garantiza que las cadenas para la pila del cl\u00faster y el nombre del cl\u00faster tengan terminaci\u00f3n nula en la representaci\u00f3n del disco, mientras que strlcpy supone que la cadena de origen siempre termina en nulo. Esto provoca una lectura fuera de la cadena de origen que activa la detecci\u00f3n de desbordamiento del b\u00fafer. se detect\u00f3 desbordamiento del b\u00fafer en strlen ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en lib/string.c:1149! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] SMP PTI CPU: 1 PID: 910 Comm: mount.ocfs2 No contaminado 5.14.0-1-amd64 #1 Debian 5.14.6-2 RIP: 0010:fortify_panic+0xf/0x11... Seguimiento de llamadas: ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2] ocfs2_fill_super+0x359/0x19b0 [ocfs2] mount_bdev+0x185/0x1b0 Legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 xa20 __x64_sys_mount+0x103/0x140 do_syscall_64+0x3b/0xc0 entrada_SYSCALL_64_after_hwframe+0x44/0xae"}], "id": "CVE-2021-47458", "lastModified": "2024-05-22T12:46:53.887", "metrics": {}, "published": "2024-05-22T07:15:10.780", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ocfs2: mount fails with buffer overflow in strlen", "id": "2282900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282900"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nocfs2: mount fails with buffer overflow in strlen\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below. Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated. This causes a read outside of the source string\ntriggering the buffer overflow detection.\ndetected buffer overflow in strlen\n------------[ cut here ]------------\nkernel BUG at lib/string.c:1149!\ninvalid opcode: 0000 [#1] SMP PTI\nCPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\nDebian 5.14.6-2\nRIP: 0010:fortify_panic+0xf/0x11\n...\nCall Trace:\nocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\nocfs2_fill_super+0x359/0x19b0 [ocfs2]\nmount_bdev+0x185/0x1b0\nlegacy_get_tree+0x27/0x40\nvfs_get_tree+0x25/0xb0\npath_mount+0x454/0xa20\n__x64_sys_mount+0x103/0x140\ndo_syscall_64+0x3b/0xc0\nentry_SYSCALL_64_after_hwframe+0x44/0xae", "A buffer overflow vulnerability was found in the `ocfs2` filesystem driver in the Linux kernel. This issue occurs due to improper handling of string lengths in the `strlen` function, which can lead to system crashes or arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47458", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47458\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47458\nhttps://lore.kernel.org/linux-cve-announce/2024052244-CVE-2021-47458-545c@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.290, kernel 4.9.288, kernel 4.14.253, kernel 4.19.214, kernel 5.4.156, kernel 5.10.76, kernel 5.14.15, kernel 5.15"}