Lucene search

K
vulnrichmentLinuxVULNRICHMENT:CVE-2021-47254
HistoryMay 21, 2024 - 2:19 p.m.

CVE-2021-47254 gfs2: Fix use-after-free in gfs2_glock_shrink_scan

2024-05-2114:19:49
Linux
github.com
6
linux kernel
gfs2_glock_shrink_scan
vulnerability
glf_lru flag
lru_lock
gfs2_glock_remove_from_lru
cond_resched_lock
gfs2_dispose_glock_lru
list_del

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

13.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Fix use-after-free in gfs2_glock_shrink_scan

The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to
remove the glock from the lru list in __gfs2_glock_put().

On the shrink scan path, the same flag is cleared under lru_lock but because
of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the
put side can be made without deleting the glock from the lru list.

Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to
ensure correct behavior on both sides - clear GLF_LRU after list_del under
lru_lock.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "38ce32953450",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "92869945cc5b",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "0364742decb0",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "094bf5670e76",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "86fd5b27db74",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "a61156314b66",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "e87ef30fe73e",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "1ab19c5de4c5",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "fs/gfs2/glock.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.4.274",
        "versionType": "custom",
        "lessThanOrEqual": "4.4.*"
      },
      {
        "status": "unaffected",
        "version": "4.9.274",
        "versionType": "custom",
        "lessThanOrEqual": "4.9.*"
      },
      {
        "status": "unaffected",
        "version": "4.14.238",
        "versionType": "custom",
        "lessThanOrEqual": "4.14.*"
      },
      {
        "status": "unaffected",
        "version": "4.19.196",
        "versionType": "custom",
        "lessThanOrEqual": "4.19.*"
      },
      {
        "status": "unaffected",
        "version": "5.4.127",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.*"
      },
      {
        "status": "unaffected",
        "version": "5.10.45",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.12.12",
        "versionType": "custom",
        "lessThanOrEqual": "5.12.*"
      },
      {
        "status": "unaffected",
        "version": "5.13",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "fs/gfs2/glock.c"
    ],
    "defaultStatus": "affected"
  }
]

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

13.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial