NVD

CVE-2021-47254 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553	CVE, kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

Modified Analysis by NIST 1/27/2026 2:37:29 PM

Action

Type

Old Value

New Value

Changed

CPE Configuration

OR
          *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.196
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.4.274
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.238
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.274
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.12
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.45
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.127

OR
          *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.12
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.45
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.123 up to (excluding) 4.14.238
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.47 up to (excluding) 4.19.196
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4.181 up to (excluding) 4.4.274
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.180 up to (excluding) 4.9.274
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.0.20 up to (excluding) 5.1
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.1.6 up to (excluding) 5.4.127

Initial Analysis by NIST 12/30/2024 2:50:58 PM

CVE Modified by CVE 11/21/2024 1:35:43 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595
Added	Reference	https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4
Added	Reference	https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2
Added	Reference	https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4
Added	Reference	https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d
Added	Reference	https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a
Added	Reference	https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c
Added	Reference	https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553

New CVE Received from kernel.org 5/21/2024 11:15:14 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock.
Added	Reference	kernel.org https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a6c059b2 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-47254
NVD Published Date:
05/21/2024
NVD Last Modified:
03/17/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2021-47254 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Modified Analysis by NIST 3/17/2026 1:28:18 PM

Modified Analysis by NIST 1/27/2026 2:37:29 PM

Initial Analysis by NIST 12/30/2024 2:50:58 PM

CVE Modified by CVE 11/21/2024 1:35:43 AM

CVE Modified by kernel.org 5/28/2024 4:15:51 PM

New CVE Received from kernel.org 5/21/2024 11:15:14 AM

Quick Info