SB20240603144 - Use of uninitialized resource in Linux kernel md persistent-data driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of uninitialized resource (CVE-ID: CVE-2021-47343)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dm_btree_remove() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc
• https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5
• https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3
• https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5
• https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851
• https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e
• https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9
• https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a
• https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133