CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix panic during f2fs_resize_fs()

f2fs_resize_fs() hangs in below callstack with testcase:
- mkfs 16GB image & mount image
- dd 8GB fileA
- dd 8GB fileB
- sync
- rm fileA
- sync
- resize filesystem to 8GB

kernel BUG at segment.c:2484!
Call Trace:
 allocate_segment_by_default+0x92/0xf0 [f2fs]
 f2fs_allocate_data_block+0x44b/0x7e0 [f2fs]
 do_write_page+0x5a/0x110 [f2fs]
 f2fs_outplace_write_data+0x55/0x100 [f2fs]
 f2fs_do_write_data_page+0x392/0x850 [f2fs]
 move_data_page+0x233/0x320 [f2fs]
 do_garbage_collect+0x14d9/0x1660 [f2fs]
 free_segment_range+0x1f7/0x310 [f2fs]
 f2fs_resize_fs+0x118/0x330 [f2fs]
 __f2fs_ioctl+0x487/0x3680 [f2fs]
 __x64_sys_ioctl+0x8e/0xd0
 do_syscall_64+0x33/0x80
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The root cause is we forgot to check whether we have enough space in resized filesystem to store all valid blocks in before-resizing filesystem, then allocator will run out-of-space during block migration in free_segment_range().

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Jan 2025, 17:58

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 5.5
References | () https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f - | () https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f - Patch
References | () https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6 - | () https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6 - Patch
References | () https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2 - | () https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2 - Patch
References | () https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705 - | () https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705 - Patch
CWE | | CWE-754
CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time | | Linux; Linux linux Kernel

21 Nov 2024, 06:35

Type | Values Removed | Values Added
Summary | | (es) In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in the call stack below with the test case: - mkfs 16GB image and mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at segment.c:2484! Call Trace: allocate_segment_by_default+0x92/0xf0 [f2fs] f2fs_allocate_data_block+0x44b/0x7e0 [f2fs] do_write_page+0x5a/0x110 [f2fs] f2fs_outplace_write_data+0x55/0x100 [f2fs] f2fs_do_write_data_page+0x392/0x850 [f2fs] move_data_page+0x233/0x320 [f2fs] do_garbage_collect+0x14d9/0x1660 [f2fs] free_segment_range+0x1f7/0x310 [f2fs] f2fs_resize_fs+0x118/0x330 [f2fs] __f2fs_ioctl+0x487/0x3680 [f2fs] __x64_sys_ioctl+0x8e/0xd0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The root cause is that we forgot to check whether we have enough space in the resized filesystem to store all valid blocks in the before-resizing filesystem, so the allocator will run out of space during block migration in free_segment_range().
References | () https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f - | () https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f -
References | () https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6 - | () https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6 -
References | () https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2 - | () https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2 -
References | () https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705 - | () https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705 -

28 Feb 2024, 09:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-02-28 09:15

Updated : 2025-01-08 17:58


NVD link : CVE-2021-47007

Mitre link : CVE-2021-47007

CVE.ORG link : CVE-2021-47007



Products Affected

linux

  • linux_kernel
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions