NVD

CVE-2021-47254 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595	Patch
https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595	Patch
https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4	Patch
https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4	Patch
https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2	Patch
https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2	Patch
https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4	Patch
https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4	Patch
https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d	Patch
https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d	Patch
https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a	Patch
https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a	Patch
https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c	Patch
https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c	Patch
https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553	Patch
https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	Up to (excluding) 4.4.274
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.5	Up to (excluding) 4.9.274
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.10	Up to (excluding) 4.14.238
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.15	Up to (excluding) 4.19.196
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.20	Up to (excluding) 5.4.127
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.5	Up to (excluding) 5.10.45
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.11	Up to (excluding) 5.12.12
cpe:2.3:o:linux:linux_kernel:5.13:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:5.13:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:5.13:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:5.13:rc4:::::: Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Initial Analysis by NIST 12/30/2024 2:50:58 PM

CVE Modified by CVE 11/21/2024 1:35:43 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595
Added	Reference	https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4
Added	Reference	https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2
Added	Reference	https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4
Added	Reference	https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d
Added	Reference	https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a
Added	Reference	https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c
Added	Reference	https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553

New CVE Received from kernel.org 5/21/2024 11:15:14 AM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 642 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across
Added	Reference	kernel.org https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-47254
NVD Published Date:
05/21/2024
NVD Last Modified:
12/30/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2021-47254 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 12/30/2024 2:50:58 PM

CVE Modified by CVE 11/21/2024 1:35:43 AM

CVE Modified by kernel.org 5/28/2024 4:15:51 PM

New CVE Received from kernel.org 5/21/2024 11:15:14 AM

Quick Info