CVE-2021-46945 ext4: always panic when errors=panic is specified

2024-02-2718:40:31

Linux

github.com

linux kernel

ext4 vulnerability

commit 014c9caa29d3

file system

panic

mount option

behavior change

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

ext4: always panic when errors=panic is specified

Before commit 014c9caa29d3 (“ext4: make ext4_abort() use
__ext4_error()”), the following series of commands would trigger a
panic:

mount /dev/sda -o ro,errors=panic test
mount /dev/sda -o remount,abort test

After commit 014c9caa29d3, remounting a file system using the test
mount option “abort” will no longer trigger a panic. This commit will
restore the behaviour immediately before commit 014c9caa29d3.
(However, note that the Linux kernel’s behavior has not been
consistent; some previous kernel versions, including 5.4 and 4.19
similarly did not panic after using the mount option “abort”.)

This also makes a change to long-standing behaviour; namely, the
following series commands will now cause a panic, when previously it
did not:

mount /dev/sda -o ro,errors=panic test
echo test > /sys/fs/ext4/sda/trigger_fs_error

However, this makes ext4’s behaviour much more consistent, so this is
a good thing.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "014c9caa29d3",
        "lessThan": "64e1eebe2131",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "014c9caa29d3",
        "lessThan": "1e9ea8f46370",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "014c9caa29d3",
        "lessThan": "ac2f7ca51b09",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "fs/ext4/super.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.11"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.11",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.11.20",
        "versionType": "custom",
        "lessThanOrEqual": "5.11.*"
      },
      {
        "status": "unaffected",
        "version": "5.12.3",
        "versionType": "custom",
        "lessThanOrEqual": "5.12.*"
      },
      {
        "status": "unaffected",
        "version": "5.13",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "fs/ext4/super.c"
    ],
    "defaultStatus": "affected"
  }
]