5.5
CVE-2021-47351
- EPSS 0.24%
- Veröffentlicht 21.05.2024 15:15:21
- Zuletzt bearbeitet 12.05.2025 19:55:22
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ubifs: Fix races between xattr_{set|get} and listxattr operations
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix races between xattr_{set|get} and listxattr operations
UBIFS may occur some problems with concurrent xattr_{set|get} and
listxattr operations, such as assertion failure, memory corruption,
stale xattr value[1].
Fix it by importing a new rw-lock in @ubifs_inode to serilize write
operations on xattr, concurrent read operations are still effective,
just like ext4.
[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.comDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.27 < 5.4.133
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.51
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.18
Linux ≫ Linux Kernel Version >= 5.13 < 5.13.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.143 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6
https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08
https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82
https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386
https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5