DEBIAN-CVE-2021-47343
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-47343
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47343.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-47343
- Upstream
- Published
- 2024-05-21T15:15:20Z
- Modified
- 2025-09-25T23:25:54.715719Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign newroot only when removal succeeds removeraw() in dmbtreeremove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadowspine::root is uninitialized, but the uninitialized value is still assign to newroot in the end of dmbtreeremove(). For dm-thin, the value of pmd->detailsroot or pmd->root will become an uninitialized value, so if trying to read detailsinfo tree again out-of-bound memory may occur as showed below: general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 Hardware name: QEMU Standard PC RIP: 0010:metadatallloadie+0x14/0x30 Call Trace: smmetadatacountismorethanone+0xb9/0xe0 dmtmshadowblock+0x52/0x1c0 shadowstep+0x59/0xf0 removeraw+0xb2/0x170 dmbtreeremove+0xf4/0x1c0 dmpooldeletethindevice+0xc3/0x140 poolmessage+0x218/0x2b0 targetmessage+0x251/0x290 ctlioctl+0x1c4/0x4d0 dmctlioctl+0xe/0x20 _x64sysioctl+0x7b/0xb0 dosyscall64+0x40/0xb0 entrySYSCALL64afterhwframe+0x44/0xae Fixing it by only assign new_root when removal succeeds
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source