SB2024062023 - Use-after-free in Linux kernel md persistent-data driver
Published: June 20, 2024 Updated: May 13, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2021-47600)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c.
Remediation
Install the update from the vendor's website.
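To confirm that a host already runs a fixed release, the following added example (not part of the original bulletin or of any vendor tooling) classifies an upstream kernel release string against the stable releases named by the ChangeLog links under References. It assumes those releases are the first in each branch to carry the fix; the function names `fixed_patch` and `check_kernel` are hypothetical, and distribution kernels that backport fixes without changing the upstream version must be checked against the vendor's own advisory instead.

```shell
#!/bin/sh
# Added example: classify an upstream kernel release string against the
# fixed releases named by the ChangeLog links in this bulletin's References.

# Lowest fixed patch level for each stable branch listed on the page.
fixed_patch() {
    case "$1" in
        4.4)  echo 296 ;;
        4.9)  echo 294 ;;
        4.14) echo 259 ;;
        4.19) echo 222 ;;
        5.4)  echo 168 ;;
        5.10) echo 88 ;;
        5.15) echo 11 ;;
        *)    return 1 ;;
    esac
}

# check_kernel RELEASE -> prints fixed | vulnerable | unknown
check_kernel() {
    case "$1" in *-rc*) echo unknown; return 0 ;; esac   # pre-release: not decidable here
    rel=${1%%[-+]*}                 # drop local suffix: 5.10.87-custom -> 5.10.87
    case "$rel" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;             # e.g. "5.16" has no patch level
    esac
    for v in "$major" "$minor" "$patch"; do
        case "$v" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 16 ]; }; then
        echo fixed                  # 5.16 and every later release line
    elif min=$(fixed_patch "$major.$minor"); then
        if [ "$patch" -ge "$min" ]; then echo fixed; else echo vulnerable; fi
    else
        echo unknown                # branch has no fixed release listed on this page
    fi
}

# Classify the given release, or the running kernel when no argument is passed.
check_kernel "${1:-$(uname -r)}"
```

A result of `vulnerable` on a distribution kernel only means the upstream version string predates the fix; an `unknown` result covers release candidates and branches for which the bulletin lists no fixed release.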
References
- https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6
- https://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424
- https://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861
- https://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3
- https://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00
- https://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3
- https://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb
- https://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168