Improper locking in Linux kernel ubifs



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47637
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU104713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47637

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_rename() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1
https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9
https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787
https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5
https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185
https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c
https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


