Wind River Support Network

HomeDefectsLIN1022-8986
Fixed

LIN1022-8986 : Security Advisory - linux - CVE-2021-47508

Created: May 24, 2024    Updated: Jun 15, 2024
Resolved Date: May 31, 2024
Found In Version: 10.22.33.1
Fix Version: 10.22.33.17
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:btrfs: free exchange changeset on failuresFstests runs on my VMs have show several kmemleak reports like the following.  unreferenced object 0xffff88811ae59080 (size 64):    comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s)    hex dump (first 32 bytes):      00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00  ................      90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff  ................    backtrace:      <00000000ac0176d2>] ulist_add_merge+0x60/0x150 [btrfs]      [<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs]      [<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs]      [<000000004f675208>] set_record_extent_bits+0x19/0x20 [btrfs]      [<00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs]      [<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs]      [<0000000019c4511d>] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs]      [<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs]      [<00000000fb8a74b8>] iomap_iter+0x161/0x1e0      [<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700      [<000000002567ba53>] iomap_dio_rw+0x5/0x20      [<0000000072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs]      [<000000005eb3d845>] new_sync_write+0x106/0x180      [<000000003fb505bf>] vfs_write+0x24d/0x2f0      [<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0      [<000000003eba3fdf>] do_syscall_64+0x43/0x90In case brtfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata()fail the allocated extent_changeset will not be freed.So in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space()free the allocated extent_changeset to get rid of the allocated memory.The issue currently only happens in the direct IO write path, but onlyafter 65b3c08606e5 ("btrfs: fix ENOSPC failure when attempting direct IOwrite into NOCOW range"), and also at defrag_one_locked_target(). Everyother place is always calling extent_changeset_free() even if its callto btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() hasfailed.

CREATE(Triage):(User=admin) [CVE-2021-47508 (https://nvd.nist.gov/vuln/detail/CVE-2021-47508)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube