CVE-2021-47343 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc
https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3
https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9
https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5
https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851
https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a
https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb
https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e
https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5
https://lore.kernel.org/linux-cve-announce/2024052138-CVE-2021-47343-1974@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47343
https://www.cve.org/CVERecord?id=CVE-2021-47343

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-1188
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47343", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.979Z", "datePublished": "2024-05-21T14:35:50.293Z", "dateUpdated": "2025-05-04T07:09:01.476Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:09:01.476Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: assign new_root only when removal succeeds\n\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\n\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\n\n  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\n  Hardware name: QEMU Standard PC\n  RIP: 0010:metadata_ll_load_ie+0x14/0x30\n  Call Trace:\n   sm_metadata_count_is_more_than_one+0xb9/0xe0\n   dm_tm_shadow_block+0x52/0x1c0\n   shadow_step+0x59/0xf0\n   remove_raw+0xb2/0x170\n   dm_btree_remove+0xf4/0x1c0\n   dm_pool_delete_thin_device+0xc3/0x140\n   pool_message+0x218/0x2b0\n   target_message+0x251/0x290\n   ctl_ioctl+0x1c4/0x4d0\n   dm_ctl_ioctl+0xe/0x20\n   __x64_sys_ioctl+0x7b/0xb0\n   do_syscall_64+0x40/0xb0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFixing it by only assign new_root when removal succeeds"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/persistent-data/dm-btree-remove.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4c84b3e0728ffe10d89c633694c35a02b5c477dc", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c154775619186781aaf8a99333ac07437a1768d5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "73f27adaa73e3057a9ec464e33c4f54d34ea5de3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8fbae4a1bdb5b889490cdee929e68540151536e5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "964d57d1962d7e68f0f578f05d9ae4a104d74851", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ba47e65a5de3e0e8270301a409fc63d3129fdb9e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "89bf942314b78d454db92427201421b5dec132d9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ad365e9351ac2b450e7e79932ff6abf59342d91a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b6e58b5466b2959f83034bead2e2e1395cca8aeb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/persistent-data/dm-btree-remove.c"], "versions": [{"version": "4.4.276", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.276", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.240", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.198", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.133", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.4.276"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.276"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.14.240"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.133"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.12.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.13.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"}, {"url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"}, {"url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"}, {"url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"}, {"url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"}, {"url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"}, {"url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"}, {"url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"}, {"url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"}], "title": "dm btree remove: assign new_root only when removal succeeds", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47343", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:04:19.383705Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:19.329Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.519Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-47343 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-05-21T14:28:16.979Z (string)

datePublished : 2024-05-21T14:35:50.293Z (string)

dateUpdated : 2025-05-04T07:09:01.476Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T07:09:01.476Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assign to new_root in the end of dm_btree_remove(). For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read details_info tree again out-of-bound memory may occur as showed below: general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 Hardware name: QEMU Standard PC RIP: 0010:metadata_ll_load_ie+0x14/0x30 Call Trace: sm_metadata_count_is_more_than_one+0xb9/0xe0 dm_tm_shadow_block+0x52/0x1c0 shadow_step+0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 dm_ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixing it by only assign new_root when removal succeeds (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/md/persistent-data/dm-btree-remove.c (string)

]

versions : [ »

0 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : c154775619186781aaf8a99333ac07437a1768d5 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 89bf942314b78d454db92427201421b5dec132d9 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

status : affected (string)

versionType : git (string)

}

8 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/md/persistent-data/dm-btree-remove.c (string)

]

versions : [ »

0 : { »

version : 4.4.276 (string)

lessThanOrEqual : 4.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

1 : { »

version : 4.9.276 (string)

lessThanOrEqual : 4.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.14.240 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.19.198 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.4.133 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.10.51 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.12.18 (string)

lessThanOrEqual : 5.12.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 5.13.3 (string)

lessThanOrEqual : 5.13.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 5.14 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 4.4.276 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 4.9.276 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 4.14.240 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 4.19.198 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.4.133 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.10.51 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.12.18 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.13.3 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.14 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

}

6 : { »

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

}

8 : { »

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

}

]

title : dm btree remove: assign new_root only when removal succeeds (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47343 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-23T19:04:19.383705Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:15:19.329Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:08.519Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.519Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47343", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:04:19.383705Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:04:26.101Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "dm btree remove: assign new_root only when removal succeeds", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4c84b3e0728ffe10d89c633694c35a02b5c477dc", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c154775619186781aaf8a99333ac07437a1768d5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "73f27adaa73e3057a9ec464e33c4f54d34ea5de3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8fbae4a1bdb5b889490cdee929e68540151536e5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "964d57d1962d7e68f0f578f05d9ae4a104d74851", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ba47e65a5de3e0e8270301a409fc63d3129fdb9e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "89bf942314b78d454db92427201421b5dec132d9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ad365e9351ac2b450e7e79932ff6abf59342d91a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b6e58b5466b2959f83034bead2e2e1395cca8aeb", "versionType": "git"}], "programFiles": ["drivers/md/persistent-data/dm-btree-remove.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.4.276", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.276", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.240", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.198", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.133", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.51", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.18", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13.3", "versionType": "semver", "lessThanOrEqual": "5.13.*"}, {"status": "unaffected", "version": "5.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/md/persistent-data/dm-btree-remove.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"}, {"url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"}, {"url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"}, {"url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"}, {"url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"}, {"url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"}, {"url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"}, {"url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"}, {"url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: assign new_root only when removal succeeds\n\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\n\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\n\n  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\n  Hardware name: QEMU Standard PC\n  RIP: 0010:metadata_ll_load_ie+0x14/0x30\n  Call Trace:\n   sm_metadata_count_is_more_than_one+0xb9/0xe0\n   dm_tm_shadow_block+0x52/0x1c0\n   shadow_step+0x59/0xf0\n   remove_raw+0xb2/0x170\n   dm_btree_remove+0xf4/0x1c0\n   dm_pool_delete_thin_device+0xc3/0x140\n   pool_message+0x218/0x2b0\n   target_message+0x251/0x290\n   ctl_ioctl+0x1c4/0x4d0\n   dm_ctl_ioctl+0xe/0x20\n   __x64_sys_ioctl+0x7b/0xb0\n   do_syscall_64+0x40/0xb0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFixing it by only assign new_root when removal succeeds"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.4.276"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.276"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.240"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.198"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.133"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.51"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:09:01.476Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47343", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:09:01.476Z", "dateReserved": "2024-05-21T14:28:16.979Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:35:50.293Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:08.519Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47343 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-23T19:04:19.383705Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:04:26.101Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : dm btree remove: assign new_root only when removal succeeds (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : c154775619186781aaf8a99333ac07437a1768d5 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 89bf942314b78d454db92427201421b5dec132d9 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

versionType : git (string)

}

8 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

versionType : git (string)

}

]

programFiles : [ »

0 : drivers/md/persistent-data/dm-btree-remove.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.4.276 (string)

versionType : semver (string)

lessThanOrEqual : 4.4.* (string)

}

1 : { »

status : unaffected (string)

version : 4.9.276 (string)

versionType : semver (string)

lessThanOrEqual : 4.9.* (string)

}

2 : { »

status : unaffected (string)

version : 4.14.240 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

3 : { »

status : unaffected (string)

version : 4.19.198 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

4 : { »

status : unaffected (string)

version : 5.4.133 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

5 : { »

status : unaffected (string)

version : 5.10.51 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

6 : { »

status : unaffected (string)

version : 5.12.18 (string)

versionType : semver (string)

lessThanOrEqual : 5.12.* (string)

}

7 : { »

status : unaffected (string)

version : 5.13.3 (string)

versionType : semver (string)

lessThanOrEqual : 5.13.* (string)

}

8 : { »

status : unaffected (string)

version : 5.14 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : drivers/md/persistent-data/dm-btree-remove.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

}

6 : { »

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

}

8 : { »

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assign to new_root in the end of dm_btree_remove(). For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read details_info tree again out-of-bound memory may occur as showed below: general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 Hardware name: QEMU Standard PC RIP: 0010:metadata_ll_load_ie+0x14/0x30 Call Trace: sm_metadata_count_is_more_than_one+0xb9/0xe0 dm_tm_shadow_block+0x52/0x1c0 shadow_step+0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 dm_ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixing it by only assign new_root when removal succeeds (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.4.276 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.9.276 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.14.240 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.198 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.133 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.51 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.12.18 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.13.3 (string)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.14 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T07:09:01.476Z (string)

}

cveMetadata : { »

cveId : CVE-2021-47343 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T07:09:01.476Z (string)

dateReserved : 2024-05-21T14:28:16.979Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-05-21T14:35:50.293Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10282F37-B17F-4974-967E-FCD5ABC9AB8E", "versionEndExcluding": "4.4.276", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E", "versionEndExcluding": "4.9.276", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B", "versionEndExcluding": "4.14.240", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2", "versionEndExcluding": "4.19.198", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65A8F1FF-5639-455A-8BF4-9FF529240505", "versionEndExcluding": "5.4.133", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF", "versionEndExcluding": "5.10.51", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D", "versionEndExcluding": "5.12.18", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C", "versionEndExcluding": "5.13.3", "versionStartIncluding": "5.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: assign new_root only when removal succeeds\n\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\n\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\n\n  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\n  Hardware name: QEMU Standard PC\n  RIP: 0010:metadata_ll_load_ie+0x14/0x30\n  Call Trace:\n   sm_metadata_count_is_more_than_one+0xb9/0xe0\n   dm_tm_shadow_block+0x52/0x1c0\n   shadow_step+0x59/0xf0\n   remove_raw+0xb2/0x170\n   dm_btree_remove+0xf4/0x1c0\n   dm_pool_delete_thin_device+0xc3/0x140\n   pool_message+0x218/0x2b0\n   target_message+0x251/0x290\n   ctl_ioctl+0x1c4/0x4d0\n   dm_ctl_ioctl+0xe/0x20\n   __x64_sys_ioctl+0x7b/0xb0\n   do_syscall_64+0x40/0xb0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFixing it by only assign new_root when removal succeeds"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm btree remove: asigna new_root solo cuando la eliminaci\u00f3n se realiza correctamente. remove_raw() en dm_btree_remove() puede fallar debido a un error de lectura de E/S (por ejemplo, la lectura del contenido del bloque de origen falla durante el sombreado), y el valor de shadow_spine::root no est\u00e1 inicializado, pero el valor no inicializado a\u00fan se asigna a new_root al final de dm_btree_remove(). Para dm-thin, el valor de pmd-&gt;details_root o pmd-&gt;root se convertir\u00e1 en un valor no inicializado, por lo que si intenta leer el \u00e1rbol de detalles_info nuevamente, puede ocurrir que la memoria est\u00e9 fuera de los l\u00edmites, como se muestra a continuaci\u00f3n: falla de protecci\u00f3n general, probablemente para no usuarios. -direcci\u00f3n can\u00f3nica 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup No contaminado 5.13.0-rc6 Nombre de hardware: QEMU PC est\u00e1ndar RIP: 0010:metadata_ll_load_ie+0x14/0x30 Seguimiento de llamadas: sm_metadata_count_is_more_than_one+0xb9/0xe0 m_shadow_block+0x52/0x1c0 sombra_paso+ 0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 _ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entrada_SYSCALL_64_after_hwframe+ 0x44/0xae Se soluciona asignando new_root \u00fanicamente cuando la eliminaci\u00f3n se realiza correctamente"}], "id": "CVE-2021-47343", "lastModified": "2025-05-12T19:58:09.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:20.993", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 10282F37-B17F-4974-967E-FCD5ABC9AB8E (string)

versionEndExcluding : 4.4.276 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C79FFC06-9530-4CD7-B651-01D786CC925E (string)

versionEndExcluding : 4.9.276 (string)

versionStartIncluding : 4.5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FB359B2E-773D-4D52-9915-E07A47ABE72B (string)

versionEndExcluding : 4.14.240 (string)

versionStartIncluding : 4.10 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2 (string)

versionEndExcluding : 4.19.198 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 65A8F1FF-5639-455A-8BF4-9FF529240505 (string)

versionEndExcluding : 5.4.133 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 93289127-DFB3-4515-89DD-50521FF8B7FF (string)

versionEndExcluding : 5.10.51 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 79D13C82-E06F-4A70-A3D1-C09494FBC94D (string)

versionEndExcluding : 5.12.18 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 853187F6-707A-487B-95C0-621B5211B43C (string)

versionEndExcluding : 5.13.3 (string)

versionStartIncluding : 5.13 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assign to new_root in the end of dm_btree_remove(). For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read details_info tree again out-of-bound memory may occur as showed below: general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 Hardware name: QEMU Standard PC RIP: 0010:metadata_ll_load_ie+0x14/0x30 Call Trace: sm_metadata_count_is_more_than_one+0xb9/0xe0 dm_tm_shadow_block+0x52/0x1c0 shadow_step+0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 dm_ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixing it by only assign new_root when removal succeeds (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm btree remove: asigna new_root solo cuando la eliminación se realiza correctamente. remove_raw() en dm_btree_remove() puede fallar debido a un error de lectura de E/S (por ejemplo, la lectura del contenido del bloque de origen falla durante el sombreado), y el valor de shadow_spine::root no está inicializado, pero el valor no inicializado aún se asigna a new_root al final de dm_btree_remove(). Para dm-thin, el valor de pmd->details_root o pmd->root se convertirá en un valor no inicializado, por lo que si intenta leer el árbol de detalles_info nuevamente, puede ocurrir que la memoria esté fuera de los límites, como se muestra a continuación: falla de protección general, probablemente para no usuarios. -dirección canónica 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup No contaminado 5.13.0-rc6 Nombre de hardware: QEMU PC estándar RIP: 0010:metadata_ll_load_ie+0x14/0x30 Seguimiento de llamadas: sm_metadata_count_is_more_than_one+0xb9/0xe0 m_shadow_block+0x52/0x1c0 sombra_paso+ 0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 _ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entrada_SYSCALL_64_after_hwframe+ 0x44/0xae Se soluciona asignando new_root únicamente cuando la eliminación se realiza correctamente (string)

}

]

id : CVE-2021-47343 (string)

lastModified : 2025-05-12T19:58:09.607 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-05-21T15:15:20.993 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

}

8 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-1188 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: dm btree remove: assign new_root only when removal succeeds", "id": "2282413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282413"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndm btree remove: assign new_root only when removal succeeds\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\ngeneral protection fault, probably for non-canonical address 0x3fdcb14c8d7520\nCPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\nHardware name: QEMU Standard PC\nRIP: 0010:metadata_ll_load_ie+0x14/0x30\nCall Trace:\nsm_metadata_count_is_more_than_one+0xb9/0xe0\ndm_tm_shadow_block+0x52/0x1c0\nshadow_step+0x59/0xf0\nremove_raw+0xb2/0x170\ndm_btree_remove+0xf4/0x1c0\ndm_pool_delete_thin_device+0xc3/0x140\npool_message+0x218/0x2b0\ntarget_message+0x251/0x290\nctl_ioctl+0x1c4/0x4d0\ndm_ctl_ioctl+0xe/0x20\n__x64_sys_ioctl+0x7b/0xb0\ndo_syscall_64+0x40/0xb0\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nFixing it by only assign new_root when removal succeeds"], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47343", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47343\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47343\nhttps://lore.kernel.org/linux-cve-announce/2024052138-CVE-2021-47343-1974@gregkh/T"], "statement": "This vulnerability is rated as a moderate severity because it can cause system crashes or unpredictable behavior due to invalid memory access, but it does not directly compromise data security or allow unauthorized access.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : kernel: dm btree remove: assign new_root only when removal succeeds (string)

id : 2282413 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2282413 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-824 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assign to new_root in the end of dm_btree_remove(). For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read details_info tree again out-of-bound memory may occur as showed below: general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 Hardware name: QEMU Standard PC RIP: 0010:metadata_ll_load_ie+0x14/0x30 Call Trace: sm_metadata_count_is_more_than_one+0xb9/0xe0 dm_tm_shadow_block+0x52/0x1c0 shadow_step+0x59/0xf0 remove_raw+0xb2/0x170 dm_btree_remove+0xf4/0x1c0 dm_pool_delete_thin_device+0xc3/0x140 pool_message+0x218/0x2b0 target_message+0x251/0x290 ctl_ioctl+0x1c4/0x4d0 dm_ctl_ioctl+0xe/0x20 __x64_sys_ioctl+0x7b/0xb0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixing it by only assign new_root when removal succeeds (string)

]

mitigation : { »

lang : en:us (string)

value : Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. (string)

}

name : CVE-2021-47343 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-05-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2021-47343 https://nvd.nist.gov/vuln/detail/CVE-2021-47343 https://lore.kernel.org/linux-cve-announce/2024052138-CVE-2021-47343-1974@gregkh/T (string)

]

statement : This vulnerability is rated as a moderate severity because it can cause system crashes or unpredictable behavior due to invalid memory access, but it does not directly compromise data security or allow unauthorized access. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object