5.5

CVE-2021-47351

ubifs: Fix races between xattr_{set|get} and listxattr operations

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix races between xattr_{set|get} and listxattr operations

UBIFS may occur some problems with concurrent xattr_{set|get} and
listxattr operations, such as assertion failure, memory corruption,
stale xattr value[1].

Fix it by importing a new rw-lock in @ubifs_inode to serilize write
operations on xattr, concurrent read operations are still effective,
just like ext4.

[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.27 < 5.4.133
LinuxLinux Kernel Version >= 5.5 < 5.10.51
LinuxLinux Kernel Version >= 5.11 < 5.12.18
LinuxLinux Kernel Version >= 5.13 < 5.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.143
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6
Patch
https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08
Patch
https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82
Patch
https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386
Patch
https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5
Patch