CVE-2021-47351

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/[email protected]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6	Patch
https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08	Patch
https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82	Patch
https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386	Patch
https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5	Patch
https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6	Patch
https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08	Patch
https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82	Patch
https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386	Patch
https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-21 15:15

Updated : 2025-05-12 19:55

NVD link : CVE-2021-47351

Mitre link : CVE-2021-47351

CVE.ORG link : CVE-2021-47351

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-617

Reachable Assertion

CWE-787

Out-of-bounds Write

{"id": "CVE-2021-47351", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:21.553", "references": [{"url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-617"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/[email protected]"}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: corrige ejecuci\u00f3ns entre las operaciones xattr_{set|get} y listxattr. UBIFS puede producir algunos problemas con las operaciones xattr_{set|get} y listxattr simult\u00e1neas, como fallas de aserci\u00f3n y corrupci\u00f3n de memoria. , valor xattr obsoleto [1]. Soluc\u00f3nelo importando un nuevo rw-lock en @ubifs_inode para serializar las operaciones de escritura en xattr, las operaciones de lectura simult\u00e1neas siguen siendo efectivas, al igual que ext4. [1] https://lore.kernel.org/linux-mtd/[email protected]"}], "lastModified": "2025-05-12T19:55:22.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1294CBBF-0C34-4217-91B6-A4A44E42A4DC", "versionEndExcluding": "5.4.133", "versionStartIncluding": "2.6.27"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF", "versionEndExcluding": "5.10.51", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D", "versionEndExcluding": "5.12.18", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C", "versionEndExcluding": "5.13.3", "versionStartIncluding": "5.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}