Vulnerability-Lookup

CVE-2021-47351 (GCVE-0-2021-47351)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:53

Title

ubifs: Fix races between xattr_{set|get} and listxattr operations

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com

Severity ?

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/7adc05b73d91a5e3d…
https://git.kernel.org/stable/c/38dde03eb239605f4…
https://git.kernel.org/stable/c/9558612cb829f2c02…
https://git.kernel.org/stable/c/c0756f75c22149d20…
https://git.kernel.org/stable/c/f4e3634a3b642225a…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 38dde03eb239605f428f3f1e4baa73d4933a4cc6 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 9558612cb829f2c022b788f55d6b8437d5234a82 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < c0756f75c22149d20fcb7d8409827cee905eb386 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < f4e3634a3b642225a530c292fdb1e8a4007507f5 (git)
Linux	Linux	Affected: 2.6.27 Unaffected: 0 , < 2.6.27 (semver) Unaffected: 5.4.133 , ≤ 5.4.* (semver) Unaffected: 5.10.51 , ≤ 5.10.* (semver) Unaffected: 5.12.18 , ≤ 5.12.* (semver) Unaffected: 5.13.3 , ≤ 5.13.* (semver) Unaffected: 5.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T19:01:36.389057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T19:01:45.807Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:08.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/super.c",
            "fs/ubifs/ubifs.h",
            "fs/ubifs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "38dde03eb239605f428f3f1e4baa73d4933a4cc6",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "9558612cb829f2c022b788f55d6b8437d5234a82",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "c0756f75c22149d20fcb7d8409827cee905eb386",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "f4e3634a3b642225a530c292fdb1e8a4007507f5",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/super.c",
            "fs/ubifs/ubifs.h",
            "fs/ubifs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.13.*",
              "status": "unaffected",
              "version": "5.13.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.133",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.51",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.18",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13.3",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:53:01.349Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"
        },
        {
          "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"
        }
      ],
      "title": "ubifs: Fix races between xattr_{set|get} and listxattr operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47351",
    "datePublished": "2024-05-21T14:35:55.806Z",
    "dateReserved": "2024-05-21T14:28:16.985Z",
    "dateUpdated": "2026-05-11T13:53:01.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-47351",
      "date": "2026-05-20",
      "epss": "0.00023",
      "percentile": "0.06546"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47351\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:21.553\",\"lastModified\":\"2025-05-12T19:55:22.127\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nubifs: Fix races between xattr_{set|get} and listxattr operations\\n\\nUBIFS may occur some problems with concurrent xattr_{set|get} and\\nlistxattr operations, such as assertion failure, memory corruption,\\nstale xattr value[1].\\n\\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\\noperations on xattr, concurrent read operations are still effective,\\njust like ext4.\\n\\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: corrige ejecuci\u00f3ns entre las operaciones xattr_{set|get} y listxattr. UBIFS puede producir algunos problemas con las operaciones xattr_{set|get} y listxattr simult\u00e1neas, como fallas de aserci\u00f3n y corrupci\u00f3n de memoria. , valor xattr obsoleto [1]. Soluc\u00f3nelo importando un nuevo rw-lock en @ubifs_inode para serializar las operaciones de escritura en xattr, las operaciones de lectura simult\u00e1neas siguen siendo efectivas, al igual que ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.27\",\"versionEndExcluding\":\"5.4.133\",\"matchCriteriaId\":\"1294CBBF-0C34-4217-91B6-A4A44E42A4DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.51\",\"matchCriteriaId\":\"93289127-DFB3-4515-89DD-50521FF8B7FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.12.18\",\"matchCriteriaId\":\"79D13C82-E06F-4A70-A3D1-C09494FBC94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.13.3\",\"matchCriteriaId\":\"853187F6-707A-487B-95C0-621B5211B43C\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:32:08.560Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47351\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T19:01:36.389057Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T19:01:42.497Z\"}}], \"cna\": {\"title\": \"ubifs: Fix races between xattr_{set|get} and listxattr operations\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d\", \"lessThan\": \"7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d\", \"lessThan\": \"38dde03eb239605f428f3f1e4baa73d4933a4cc6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d\", \"lessThan\": \"9558612cb829f2c022b788f55d6b8437d5234a82\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d\", \"lessThan\": \"c0756f75c22149d20fcb7d8409827cee905eb386\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d\", \"lessThan\": \"f4e3634a3b642225a530c292fdb1e8a4007507f5\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/ubifs/super.c\", \"fs/ubifs/ubifs.h\", \"fs/ubifs/xattr.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.27\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.27\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.133\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.51\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.18\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.13.*\"}, {\"status\": \"unaffected\", \"version\": \"5.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/ubifs/super.c\", \"fs/ubifs/ubifs.h\", \"fs/ubifs/xattr.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\"}, {\"url\": \"https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\"}, {\"url\": \"https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\"}, {\"url\": \"https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\"}, {\"url\": \"https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nubifs: Fix races between xattr_{set|get} and listxattr operations\\n\\nUBIFS may occur some problems with concurrent xattr_{set|get} and\\nlistxattr operations, such as assertion failure, memory corruption,\\nstale xattr value[1].\\n\\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\\noperations on xattr, concurrent read operations are still effective,\\njust like ext4.\\n\\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.133\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.51\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12.18\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13.3\", \"versionStartIncluding\": \"2.6.27\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.14\", \"versionStartIncluding\": \"2.6.27\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:09:10.505Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-47351\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:09:10.505Z\", \"dateReserved\": \"2024-05-21T14:28:16.985Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-21T14:35:55.806Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2JPV-MGVF-9659

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-05-12 21:30

Details

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix races between xattr_{set|get} and listxattr operations

UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1].

Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4.

[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-47351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com",
  "id": "GHSA-2jpv-mgvf-9659",
  "modified": "2025-05-12T21:30:55Z",
  "published": "2024-05-21T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47351"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

BDU:2025-14329

Vulnerability from fstec - Published: 31.05.2021

Title

Уязвимость функции ubifs_alloc_inode() модуля fs/ubifs/super.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции ubifs_alloc_inode() модуля fs/ubifs/super.c ядра операционной системы Linux связана с ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Linux

Software Version

от 5.5 до 5.10.50 включительно (Linux), от 5.11 до 5.12.17 включительно (Linux), от 5.13 до 5.13.2 включительно (Linux), от 2.6.27 до 5.4.132 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08 https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6 https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82 https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386 https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/ https://git.kernel.org/linus/f4e3634a3b642225a530c292fdb1e8a4007507f5 https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1&id=38dde03eb239605f428f3f1e4baa73d4933a4cc6 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3

Reference

https://www.cve.org/CVERecord?id=CVE-2021-47351 https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08 https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6 https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82 https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386 https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/ https://git.kernel.org/linus/f4e3634a3b642225a530c292fdb1e8a4007507f5 https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1&id=38dde03eb239605f428f3f1e4baa73d4933a4cc6 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3

CWE

CWE-362, CWE-617, CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.5 \u0434\u043e 5.10.50 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.12.17 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.13 \u0434\u043e 5.13.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.27 \u0434\u043e 5.4.132 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\nhttps://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\nhttps://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\nhttps://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/\nhttps://git.kernel.org/linus/f4e3634a3b642225a530c292fdb1e8a4007507f5\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1\u0026id=38dde03eb239605f428f3f1e4baa73d4933a4cc6\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.11.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14329",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-47351",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.50 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.12.17 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.13 \u0434\u043e 5.13.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.27 \u0434\u043e 5.4.132 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ubifs_alloc_inode() \u043c\u043e\u0434\u0443\u043b\u044f fs/ubifs/super.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362), \u0414\u043e\u0441\u0442\u0443\u043f\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f assert() (CWE-617), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ubifs_alloc_inode() \u043c\u043e\u0434\u0443\u043b\u044f fs/ubifs/super.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2021-47351\nhttps://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08\nhttps://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6\nhttps://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82\nhttps://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47351-8e6c@gregkh/\nhttps://git.kernel.org/linus/f4e3634a3b642225a530c292fdb1e8a4007507f5\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1\u0026id=38dde03eb239605f428f3f1e4baa73d4933a4cc6\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362, CWE-617, CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

FKIE_CVE-2021-47351

Vulnerability from fkie_nvd - Published: 2024-05-21 15:15 - Updated: 2025-05-12 19:55

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1294CBBF-0C34-4217-91B6-A4A44E42A4DC",
              "versionEndExcluding": "5.4.133",
              "versionStartIncluding": "2.6.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF",
              "versionEndExcluding": "5.10.51",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D",
              "versionEndExcluding": "5.12.18",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C",
              "versionEndExcluding": "5.13.3",
              "versionStartIncluding": "5.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix races between xattr_{set|get} and listxattr operations\n\nUBIFS may occur some problems with concurrent xattr_{set|get} and\nlistxattr operations, such as assertion failure, memory corruption,\nstale xattr value[1].\n\nFix it by importing a new rw-lock in @ubifs_inode to serilize write\noperations on xattr, concurrent read operations are still effective,\njust like ext4.\n\n[1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: corrige ejecuci\u00f3ns entre las operaciones xattr_{set|get} y listxattr. UBIFS puede producir algunos problemas con las operaciones xattr_{set|get} y listxattr simult\u00e1neas, como fallas de aserci\u00f3n y corrupci\u00f3n de memoria. , valor xattr obsoleto [1]. Soluc\u00f3nelo importando un nuevo rw-lock en @ubifs_inode para serializar las operaciones de escritura en xattr, las operaciones de lectura simult\u00e1neas siguen siendo efectivas, al igual que ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com"
    }
  ],
  "id": "CVE-2021-47351",
  "lastModified": "2025-05-12T19:55:22.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T15:15:21.553",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-47351 (GCVE-0-2021-47351)

GHSA-2JPV-MGVF-9659

BDU:2025-14329

FKIE_CVE-2021-47351

Tags

Sightings

Nomenclature