#VU104713 Improper locking in Linux kernel - CVE-2021-47637

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104713

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47637

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_rename() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1
https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9
https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787
https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5
https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185
https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c
https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel ubifs