CVE-2021-47433
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/05/2024
Last modified:
25/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix abort logic in btrfs_replace_file_extents

Error injection testing uncovered a case where we'd end up with a
corrupt file system with a missing extent in the middle of a file. This
occurs because the if statement to decide if we should abort is wrong.

The only way we would abort in this case is if we got a ret !=
-EOPNOTSUPP and we called from the file clone code. However the
prealloc code uses this path too. Instead we need to abort if there is
an error, and the only error we _don't_ abort on is -EOPNOTSUPP and only
if we came from the clone file code.
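
The two abort conditions described above, side by side, as an added example that is not the kernel's code: the `caller` enum, the function names and the sample return values are hypothetical and model only what the description states.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical caller tags; the kernel's own types are not reproduced here. */
enum caller { FROM_CLONE, FROM_PREALLOC };

/* Condition as the description says it behaved before the fix:
 * abort only for a clone caller with an error other than -EOPNOTSUPP. */
static bool abort_before_fix(int ret, enum caller who)
{
    return who == FROM_CLONE && ret != 0 && ret != -EOPNOTSUPP;
}

/* Condition the description asks for: abort on any error, except
 * -EOPNOTSUPP when the caller is the clone code. */
static bool abort_after_fix(int ret, enum caller who)
{
    if (ret == 0)
        return false;
    return !(ret == -EOPNOTSUPP && who == FROM_CLONE);
}

/* Constructed sample return values, not taken from a trace. */
static const int sample_rets[] = { 0, -EOPNOTSUPP, -ENOMEM, -EIO };

/* Count the (ret, caller) pairs where an error is left un-aborted by the
 * old condition but aborted by the new one. */
static int count_missed_aborts(void)
{
    int missed = 0;
    for (size_t i = 0; i < sizeof(sample_rets) / sizeof(sample_rets[0]); i++) {
        for (int who = FROM_CLONE; who <= FROM_PREALLOC; who++) {
            int ret = sample_rets[i];
            if (!abort_before_fix(ret, who) && abort_after_fix(ret, who))
                missed++;
        }
    }
    return missed;
}

int main(void)
{
    /* Exit status 0 when the three prealloc error cases are the only gaps. */
    return count_missed_aborts() == 3 ? 0 : 1;
}
```

Every gap the comparison finds is a prealloc caller returning an error, which is the path the description says was overlooked.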
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.75 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.14.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0e309e1152fc34ef75991d9d69b165dbf75bf26c
- https://git.kernel.org/stable/c/0e32a2b85c7d92ece86c17dfef390c5ed79c6378
- https://git.kernel.org/stable/c/4afb912f439c4bc4e6a4f3e7547f2e69e354108f



