CVE-2021-47113
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
15/03/2024
Last modified:
13/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
btrfs: abort in rename_exchange if we fail to insert the second ref<br />
<br />
Error injection stress uncovered a problem where we&#39;d leave a dangling<br />
inode ref if we failed during a rename_exchange. This happens because<br />
we insert the inode ref for one side of the rename, and then for the<br />
other side. If this second inode ref insert fails we&#39;ll leave the first<br />
one dangling and leave a corrupt file system behind. Fix this by<br />
aborting if we did the insert for the first inode ref.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.43 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.12.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932
- https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5
- https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b
- https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932
- https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5
- https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b