CVE-2021-46982

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-46982

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46982.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-46982

Related

UBUNTU-CVE-2021-46982

Published

2024-02-28T09:15:37Z

Modified

2024-12-31T16:08:54Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix race condition of overwrite vs truncate

pos_fsstress testcase complains a panic as belew:

------------[ cut here ]------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 [#1] SMP PTI CPU: 4 PID: 2753477 Comm: kworker/u16:2 Tainted: G OE 5.12.0-rc1-custom #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: writeback wbworkfn (flush-252:16) RIP: 0010:preparecompressoverwrite+0x4c0/0x760 [f2fs] Call Trace: f2fspreparecompressoverwrite+0x5f/0x80 [f2fs] f2fswritecachepages+0x468/0x8a0 [f2fs] f2fswritedatapages+0x2a4/0x2f0 [f2fs] dowritepages+0x38/0xc0 _writebacksingleinode+0x44/0x2a0 writebacksbinodes+0x223/0x4d0 _writebackinodeswb+0x56/0xf0 wbwriteback+0x1dd/0x290 wbworkfn+0x309/0x500 processonework+0x220/0x3c0 workerthread+0x53/0x420 kthread+0x12f/0x150 retfromfork+0x22/0x30

The root cause is truncate() may race with overwrite as below, so that one reference count left in page can not guarantee the page attaching in mapping tree all the time, after truncation, later findlockpage() may return NULL pointer.

preparecompressoverwrite
- f2fspagecacheget_page
- unlockpage
  - f2fssetattr
    - truncatesetsize
      - truncateinodepage
        
        deletefrompagecache
- findlockpage

Fix this by avoiding referencing updated page.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}