#VU93654 Improper error handling in Linux kernel - CVE-2021-47145


Vulnerability identifier: #VU93654

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47145

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the link_to_fixup_dir() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf
https://git.kernel.org/stable/c/e934c4ee17b33bafb0444f2f9766cda7166d3c40
https://git.kernel.org/stable/c/0eaf383c6a4a83c09f60fd07a1bea9f1a9181611
https://git.kernel.org/stable/c/6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa
https://git.kernel.org/stable/c/0ed102453aa1cd12fefde8f6b60b9519b0b1f003
https://git.kernel.org/stable/c/7e13db503918820e6333811cdc6f151dcea5090a
https://git.kernel.org/stable/c/b545442133580dcb2f2496133bf850824d41255c
https://git.kernel.org/stable/c/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
Improper error handling in Linux kernel btrfs