cvelistv5 - cve-2021-46958

cve-2021-46958

Vulnerability from cvelistv5

Published

2024-02-27 18:46

Modified

2024-12-19 07:32

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following: BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5) BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 BTRFS error (device dm-0): error writing primary super block to device 1 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10 BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers) BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x139/0xa40 Code: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002 RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 Code: 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- The steps that lead to this crash are the following: 1) We are at transaction N; 2) We have two tasks with a transaction handle attached to transaction N. Task A and Task B. Task B is doing an fsync; 3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree into a local variable named 'log_root_tree' at the top of btrfs_sync_log(). Task B is about to call write_all_supers(), but before that... 4) Task A calls btrfs_commit_transaction(), and after it sets the transaction state to TRANS_STATE_COMMIT_START, an error happens before it w ---truncated---

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338	Patch

Impacted products

Vendor

Product

Version

▼

Linux

Version: ef67963dac255b293e19815ea3d440567be4626f
Version: ef67963dac255b293e19815ea3d440567be4626f
Version: ef67963dac255b293e19815ea3d440567be4626f
Version: ef67963dac255b293e19815ea3d440567be4626f

Linux

Version: 5.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T19:27:46.078537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T19:28:05.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/transaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
              "status": "affected",
              "version": "ef67963dac255b293e19815ea3d440567be4626f",
              "versionType": "git"
            },
            {
              "lessThan": "633f7f216663587f17601eaa1cf2ac3d5654874c",
              "status": "affected",
              "version": "ef67963dac255b293e19815ea3d440567be4626f",
              "versionType": "git"
            },
            {
              "lessThan": "e2da98788369bfba1138bada72765c47989a4338",
              "status": "affected",
              "version": "ef67963dac255b293e19815ea3d440567be4626f",
              "versionType": "git"
            },
            {
              "lessThan": "061dde8245356d8864d29e25207aa4daa0be4d3c",
              "status": "affected",
              "version": "ef67963dac255b293e19815ea3d440567be4626f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/transaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T07:32:33.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
        },
        {
          "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
        }
      ],
      "title": "btrfs: fix race between transaction aborts and fsyncs leading to use-after-free",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46958",
    "datePublished": "2024-02-27T18:46:59.315Z",
    "dateReserved": "2024-02-27T18:42:55.939Z",
    "dateUpdated": "2024-12-19T07:32:33.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46958\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T19:04:06.813\",\"lastModified\":\"2024-12-11T14:43:21.320\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\\n\\nThere is a race between a task aborting a transaction during a commit,\\na task doing an fsync and the transaction kthread, which leads to an\\nuse-after-free of the log root tree. When this happens, it results in a\\nstack trace like the following:\\n\\n  BTRFS info (device dm-0): forced readonly\\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\\n  BTRFS error (device dm-0): error writing primary super block to device 1\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\\n  RIP: 0010:__mutex_lock+0x139/0xa40\\n  Code: c0 74 19 (...)\\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\n  Call Trace:\\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   btrfs_sync_file+0x40c/0x580 [btrfs]\\n   do_fsync+0x38/0x70\\n   __x64_sys_fsync+0x10/0x20\\n   do_syscall_64+0x33/0x80\\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\\n  RIP: 0033:0x7fa9142a55c3\\n  Code: 8b 15 09 (...)\\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\\n  ---[ end trace ee2f1b19327d791d ]---\\n\\nThe steps that lead to this crash are the following:\\n\\n1) We are at transaction N;\\n\\n2) We have two tasks with a transaction handle attached to transaction N.\\n   Task A and Task B. Task B is doing an fsync;\\n\\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\\n   into a local variable named \u0027log_root_tree\u0027 at the top of\\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\\n   before that...\\n\\n4) Task A calls btrfs_commit_transaction(), and after it sets the\\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\\n   it w\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige la ejecuci\u00f3n entre transacciones abortadas y fsyncs que conducen a use-after-free. Hay una carrera entre una tarea que aborta una transacci\u00f3n durante un commit, una tarea que realiza una fsync y la transacci\u00f3n. kthread, lo que conduce a un use-after-free del \u00e1rbol ra\u00edz del registro. Cuando esto sucede, se genera un seguimiento de pila como el siguiente: Informaci\u00f3n BTRFS (dispositivo dm-0): solo lectura forzada Advertencia BTRFS (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. BTRFS: error (dispositivo dm-0) en cleanup_transaction:1958: errno=-5 falla de IO Advertencia de BTRFS (dispositivo dm-0): escritura de p\u00e1gina perdida debido a un error de IO en /dev/mapper/error-test (-5) BTRFS Advertencia (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. Advertencia BTRFS (dispositivo dm-0): IO directa fall\u00f3 en 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 Error BTRFS (dispositivo dm-0): error al escribir el superbloque primario en el dispositivo 1 Advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 advertencia BTRFS (dispositivo dm-0): error de IO directo ino 261 rw 0,0 sector 0x12e008 len 4096 error no 10 advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e010 len 4096 error no 10 BTRFS: error (dispositivo dm-0) en write_all_supers:4110: errno=-5 error de IO (1 error al escribir supers) BTRFS: error (dispositivo dm -0) en btrfs_sync_log:3308: errno=-5 Fallo de E/S Fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0- rc5-btrfs-next-84 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 01/04/2014 RIP: 0010:__mutex_lock+ 0x139/0xa40 C\u00f3digo: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 00000000000000002 RD X: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 00000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b 80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2 b4003 CR4 : 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000fffe0ff0 DR7: 000000 0000000400 Rastreo de llamadas: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs]? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+ 0x33/0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 C\u00f3digo : 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c 3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000001 R09: 00007fff26278d5c R10: 0 000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 M\u00f3dulos vinculados en: btrfs dm_zero dm_snapshot dm _thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- Los pasos que conducen a este bloqueo son los siguientes: 1) Estamos en la transacci\u00f3n N; 2) Tenemos dos tareas con un identificador de transacci\u00f3n adjunto a la transacci\u00f3n N. Tarea A y Tarea B. La tarea B est\u00e1 realizando una sincronizaci\u00f3n f; 3) La tarea B est\u00e1 en btrfs_sync_log() y ha guardado fs_info-\u0026gt;log_root_tree en una variable local llamada \u0027log_root_tree\u0027 en la parte superior de btrfs_sync_log().---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7\",\"versionEndExcluding\":\"5.10.36\",\"matchCriteriaId\":\"C6E35DB7-8D08-44A4-88FE-9B73324500C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.20\",\"matchCriteriaId\":\"EEC03413-9760-46D4-AC1D-EB084A1D4111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.3\",\"matchCriteriaId\":\"F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:42.988Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-15T19:27:46.078537Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-15T19:28:02.844Z\"}}], \"cna\": {\"title\": \"btrfs: fix race between transaction aborts and fsyncs leading to use-after-free\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"ef67963dac255b293e19815ea3d440567be4626f\", \"lessThan\": \"a4794be7b00b7eda4b45fffd283ab7d76df7e5d6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ef67963dac255b293e19815ea3d440567be4626f\", \"lessThan\": \"633f7f216663587f17601eaa1cf2ac3d5654874c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ef67963dac255b293e19815ea3d440567be4626f\", \"lessThan\": \"e2da98788369bfba1138bada72765c47989a4338\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ef67963dac255b293e19815ea3d440567be4626f\", \"lessThan\": \"061dde8245356d8864d29e25207aa4daa0be4d3c\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/btrfs/transaction.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.7\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.7\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.36\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.11.20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.11.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/btrfs/transaction.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6\"}, {\"url\": \"https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c\"}, {\"url\": \"https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338\"}, {\"url\": \"https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\\n\\nThere is a race between a task aborting a transaction during a commit,\\na task doing an fsync and the transaction kthread, which leads to an\\nuse-after-free of the log root tree. When this happens, it results in a\\nstack trace like the following:\\n\\n  BTRFS info (device dm-0): forced readonly\\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\\n  BTRFS error (device dm-0): error writing primary super block to device 1\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\\n  RIP: 0010:__mutex_lock+0x139/0xa40\\n  Code: c0 74 19 (...)\\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\n  Call Trace:\\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\\n   btrfs_sync_file+0x40c/0x580 [btrfs]\\n   do_fsync+0x38/0x70\\n   __x64_sys_fsync+0x10/0x20\\n   do_syscall_64+0x33/0x80\\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\\n  RIP: 0033:0x7fa9142a55c3\\n  Code: 8b 15 09 (...)\\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\\n  ---[ end trace ee2f1b19327d791d ]---\\n\\nThe steps that lead to this crash are the following:\\n\\n1) We are at transaction N;\\n\\n2) We have two tasks with a transaction handle attached to transaction N.\\n   Task A and Task B. Task B is doing an fsync;\\n\\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\\n   into a local variable named \u0027log_root_tree\u0027 at the top of\\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\\n   before that...\\n\\n4) Task A calls btrfs_commit_transaction(), and after it sets the\\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\\n   it w\\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T07:32:33.260Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-46958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T07:32:33.260Z\", \"dateReserved\": \"2024-02-27T18:42:55.939Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T18:46:59.315Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2024-0500

Vulnerability from csaf_certbund

Published

2024-02-27 23:00

Modified

2025-01-14 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0500 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0500 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2109-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018772.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2130-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018774.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2120-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018777.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2121-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018776.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2143-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018792.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2139-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018773.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2145-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018791.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2123-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018779.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2115-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018778.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2147-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018790.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2148-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018789.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2124-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2202-1 vom 2024-06-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018827.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2344-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018892.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2343-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018893.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2373-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018895.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2357-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018899.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2559-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018998.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2558-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018999.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
        "url": "https://ubuntu.com/security/notices/USN-6938-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2740-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019092.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2755-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019097.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2758-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019109.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
        "url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2773-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019112.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2822-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2821-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3015-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019309.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3044-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019321.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3037-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019326.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3034-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019315.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3048-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3043-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019322.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167662"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3642-1 vom 2024-10-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019612.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3649-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019619.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3663-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019624.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3662-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019625.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3652-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XAOP5G7ENALTQ2BLIJROCRJ3STRXQOFY/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3651-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VLAP2QXVEHLNNWBLHF53IAVX5KBCFJGW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3803-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019712.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3796-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3814-1 vom 2024-10-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QW54KPSGGX7Q3N4CIMSAGZRZY4WGZV2D/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3821-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019729.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3820-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019730.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3798-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019698.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4226-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019950.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4249-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019953.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4256-1 vom 2024-12-06",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34BVCDIDBQSXQ6Y3TVDGD4FSZ7N3D3LI/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4242-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019958.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4264-1 vom 2024-12-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SZPUHL7SUZ57L3OJFO25IHYVDJ76ONGC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4263-1 vom 2024-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019971.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0091-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020100.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0103-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020115.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0106-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020113.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0101-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020116.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2025-01-14T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-15T09:22:41.720+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-0500",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-20T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-05T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-26T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-27T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-16T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-30T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "34"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell NetWorker",
                "product": {
                  "name": "Dell NetWorker",
                  "product_id": "T024663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c19.11",
                "product": {
                  "name": "Dell NetWorker \u003c19.11",
                  "product_id": "T035785"
                }
              },
              {
                "category": "product_version",
                "name": "19.11",
                "product": {
                  "name": "Dell NetWorker 19.11",
                  "product_id": "T035785-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033114"
                }
              },
              {
                "category": "product_version",
                "name": "5.13",
                "product": {
                  "name": "Open Source Linux Kernel 5.13",
                  "product_id": "T033114-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46942",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46942"
    },
    {
      "cve": "CVE-2021-46943",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46943"
    },
    {
      "cve": "CVE-2021-46944",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46944"
    },
    {
      "cve": "CVE-2021-46945",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46945"
    },
    {
      "cve": "CVE-2021-46954",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46954"
    },
    {
      "cve": "CVE-2021-46955",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46955"
    },
    {
      "cve": "CVE-2021-46956",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46956"
    },
    {
      "cve": "CVE-2021-46957",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46957"
    },
    {
      "cve": "CVE-2021-46958",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46958"
    },
    {
      "cve": "CVE-2021-46960",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46960"
    },
    {
      "cve": "CVE-2021-46961",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46961"
    },
    {
      "cve": "CVE-2021-46962",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46962"
    },
    {
      "cve": "CVE-2021-46963",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46963"
    },
    {
      "cve": "CVE-2021-46964",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46964"
    },
    {
      "cve": "CVE-2021-46965",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46965"
    },
    {
      "cve": "CVE-2021-46966",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46966"
    },
    {
      "cve": "CVE-2021-46967",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46967"
    },
    {
      "cve": "CVE-2021-46968",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46968"
    },
    {
      "cve": "CVE-2021-46969",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46969"
    },
    {
      "cve": "CVE-2021-46970",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46970"
    },
    {
      "cve": "CVE-2021-46971",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46971"
    },
    {
      "cve": "CVE-2021-46972",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46972"
    },
    {
      "cve": "CVE-2021-46973",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46973"
    },
    {
      "cve": "CVE-2021-46974",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46974"
    },
    {
      "cve": "CVE-2021-46975",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46975"
    }
  ]
}

WID-SEC-W-2024-0500

Vulnerability from csaf_certbund

Published

2024-02-27 23:00

Modified

2025-01-14 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0500 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0500 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2109-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018772.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2130-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018774.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2120-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018777.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2121-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018776.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2143-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018792.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2139-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018773.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2145-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018791.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2123-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018779.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2115-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018778.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2147-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018790.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2148-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018789.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2124-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2202-1 vom 2024-06-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018827.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2344-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018892.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2343-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018893.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2373-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018895.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2357-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018899.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2559-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018998.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2558-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018999.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
        "url": "https://ubuntu.com/security/notices/USN-6938-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2740-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019092.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2755-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019097.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2758-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019109.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
        "url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2773-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019112.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2822-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2821-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3015-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019309.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3044-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019321.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3037-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019326.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3034-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019315.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3048-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3043-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019322.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167662"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3642-1 vom 2024-10-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019612.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3649-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019619.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3663-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019624.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3662-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019625.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3652-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XAOP5G7ENALTQ2BLIJROCRJ3STRXQOFY/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3651-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VLAP2QXVEHLNNWBLHF53IAVX5KBCFJGW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3803-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019712.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3796-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3814-1 vom 2024-10-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QW54KPSGGX7Q3N4CIMSAGZRZY4WGZV2D/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3821-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019729.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3820-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019730.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3798-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019698.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4226-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019950.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4249-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019953.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4256-1 vom 2024-12-06",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34BVCDIDBQSXQ6Y3TVDGD4FSZ7N3D3LI/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4242-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019958.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4264-1 vom 2024-12-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SZPUHL7SUZ57L3OJFO25IHYVDJ76ONGC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4263-1 vom 2024-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019971.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0091-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020100.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0103-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020115.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0106-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020113.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0101-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020116.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2025-01-14T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-15T09:22:41.720+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-0500",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-20T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-05T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-26T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-27T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-16T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-30T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "34"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell NetWorker",
                "product": {
                  "name": "Dell NetWorker",
                  "product_id": "T024663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c19.11",
                "product": {
                  "name": "Dell NetWorker \u003c19.11",
                  "product_id": "T035785"
                }
              },
              {
                "category": "product_version",
                "name": "19.11",
                "product": {
                  "name": "Dell NetWorker 19.11",
                  "product_id": "T035785-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033114"
                }
              },
              {
                "category": "product_version",
                "name": "5.13",
                "product": {
                  "name": "Open Source Linux Kernel 5.13",
                  "product_id": "T033114-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46942",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46942"
    },
    {
      "cve": "CVE-2021-46943",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46943"
    },
    {
      "cve": "CVE-2021-46944",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46944"
    },
    {
      "cve": "CVE-2021-46945",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46945"
    },
    {
      "cve": "CVE-2021-46954",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46954"
    },
    {
      "cve": "CVE-2021-46955",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46955"
    },
    {
      "cve": "CVE-2021-46956",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46956"
    },
    {
      "cve": "CVE-2021-46957",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46957"
    },
    {
      "cve": "CVE-2021-46958",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46958"
    },
    {
      "cve": "CVE-2021-46960",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46960"
    },
    {
      "cve": "CVE-2021-46961",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46961"
    },
    {
      "cve": "CVE-2021-46962",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46962"
    },
    {
      "cve": "CVE-2021-46963",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46963"
    },
    {
      "cve": "CVE-2021-46964",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46964"
    },
    {
      "cve": "CVE-2021-46965",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46965"
    },
    {
      "cve": "CVE-2021-46966",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46966"
    },
    {
      "cve": "CVE-2021-46967",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46967"
    },
    {
      "cve": "CVE-2021-46968",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46968"
    },
    {
      "cve": "CVE-2021-46969",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46969"
    },
    {
      "cve": "CVE-2021-46970",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46970"
    },
    {
      "cve": "CVE-2021-46971",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46971"
    },
    {
      "cve": "CVE-2021-46972",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46972"
    },
    {
      "cve": "CVE-2021-46973",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46973"
    },
    {
      "cve": "CVE-2021-46974",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46974"
    },
    {
      "cve": "CVE-2021-46975",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46975"
    }
  ]
}

gsd-2021-46958

Vulnerability from gsd

Modified

2024-02-28 06:03

Details

Aliases

CVE-2021-46958

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-46958"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
      "id": "GSD-2021-46958",
      "modified": "2024-02-28T06:03:57.728737Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-46958",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ef67963dac25",
                          "version_value": "a4794be7b00b"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.7"
                              },
                              {
                                "lessThan": "5.7",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.36",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.11.*",
                                "status": "unaffected",
                                "version": "5.11.20",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.3",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-1e70cc10feda"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "name": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "name": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          },
          {
            "name": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
          }
        ],
        "id": "CVE-2021-46958",
        "lastModified": "2024-02-28T14:06:45.783",
        "metrics": {},
        "published": "2024-02-27T19:04:06.813",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

fkie_cve-2021-46958

Vulnerability from fkie_nvd

Published

2024-02-27 19:04

Modified

2024-12-11 14:43

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E35DB7-8D08-44A4-88FE-9B73324500C3",
              "versionEndExcluding": "5.10.36",
              "versionStartIncluding": "5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111",
              "versionEndExcluding": "5.11.20",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32",
              "versionEndExcluding": "5.12.3",
              "versionStartIncluding": "5.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige la ejecuci\u00f3n entre transacciones abortadas y fsyncs que conducen a use-after-free. Hay una carrera entre una tarea que aborta una transacci\u00f3n durante un commit, una tarea que realiza una fsync y la transacci\u00f3n. kthread, lo que conduce a un use-after-free del \u00e1rbol ra\u00edz del registro. Cuando esto sucede, se genera un seguimiento de pila como el siguiente: Informaci\u00f3n BTRFS (dispositivo dm-0): solo lectura forzada Advertencia BTRFS (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. BTRFS: error (dispositivo dm-0) en cleanup_transaction:1958: errno=-5 falla de IO Advertencia de BTRFS (dispositivo dm-0): escritura de p\u00e1gina perdida debido a un error de IO en /dev/mapper/error-test (-5) BTRFS Advertencia (dispositivo dm-0): omitir confirmaci\u00f3n de transacci\u00f3n abortada. Advertencia BTRFS (dispositivo dm-0): IO directa fall\u00f3 en 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 Error BTRFS (dispositivo dm-0): error al escribir el superbloque primario en el dispositivo 1 Advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 advertencia BTRFS (dispositivo dm-0): error de IO directo ino 261 rw 0,0 sector 0x12e008 len 4096 error no 10 advertencia BTRFS (dispositivo dm-0) : error de IO directo ino 261 rw 0,0 sector 0x12e010 len 4096 error no 10 BTRFS: error (dispositivo dm-0) en write_all_supers:4110: errno=-5 error de IO (1 error al escribir supers) BTRFS: error (dispositivo dm -0) en btrfs_sync_log:3308: errno=-5 Fallo de E/S Fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0- rc5-btrfs-next-84 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 01/04/2014 RIP: 0010:__mutex_lock+ 0x139/0xa40 C\u00f3digo: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 00000000000000002 RD X: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 00000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b 80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2 b4003 CR4 : 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000fffe0ff0 DR7: 000000 0000000400 Rastreo de llamadas: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs]? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+ 0x33/0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 C\u00f3digo : 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c 3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000001 R09: 00007fff26278d5c R10: 0 000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 M\u00f3dulos vinculados en: btrfs dm_zero dm_snapshot dm _thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- Los pasos que conducen a este bloqueo son los siguientes: 1) Estamos en la transacci\u00f3n N; 2) Tenemos dos tareas con un identificador de transacci\u00f3n adjunto a la transacci\u00f3n N. Tarea A y Tarea B. La tarea B est\u00e1 realizando una sincronizaci\u00f3n f; 3) La tarea B est\u00e1 en btrfs_sync_log() y ha guardado fs_info-\u0026gt;log_root_tree en una variable local llamada \u0027log_root_tree\u0027 en la parte superior de btrfs_sync_log().---truncado---"
    }
  ],
  "id": "CVE-2021-46958",
  "lastModified": "2024-12-11T14:43:21.320",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-27T19:04:06.813",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-gmfg-g4f3-5fg9

Vulnerability from github

Published

2024-02-27 21:31

Modified

2024-12-11 15:31

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between transaction aborts and fsyncs leading to use-after-free

There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following:

BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5) BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 BTRFS error (device dm-0): error writing primary super block to device 1 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10 BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers) BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x139/0xa40 Code: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002 RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 Code: 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...) ---[ end trace ee2f1b19327d791d ]---

The steps that lead to this crash are the following:

1) We are at transaction N;

2) We have two tasks with a transaction handle attached to transaction N. Task A and Task B. Task B is doing an fsync;

3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree into a local variable named 'log_root_tree' at the top of btrfs_sync_log(). Task B is about to call write_all_supers(), but before that...

4) Task A calls btrfs_commit_transaction(), and after it sets the transaction state to TRANS_STATE_COMMIT_START, an error happens before it w ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-46958"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n  BTRFS info (device dm-0): forced readonly\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n  BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n  BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n  BTRFS error (device dm-0): error writing primary super block to device 1\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n  BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n  BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n  BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n  general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n  CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__mutex_lock+0x139/0xa40\n  Code: c0 74 19 (...)\n  RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n  RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n  RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n  RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n  R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n  FS:  00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_log+0x7c1/0xf20 [btrfs]\n   btrfs_sync_file+0x40c/0x580 [btrfs]\n   do_fsync+0x38/0x70\n   __x64_sys_fsync+0x10/0x20\n   do_syscall_64+0x33/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  RIP: 0033:0x7fa9142a55c3\n  Code: 8b 15 09 (...)\n  RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n  RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n  RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n  RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n  R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n  Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n  ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n   Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n   into a local variable named \u0027log_root_tree\u0027 at the top of\n   btrfs_sync_log(). Task B is about to call write_all_supers(), but\n   before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n   transaction state to TRANS_STATE_COMMIT_START, an error happens before\n   it w\n---truncated---",
  "id": "GHSA-gmfg-g4f3-5fg9",
  "modified": "2024-12-11T15:31:13Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46958"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-46958

Vulnerability from cvelistv5

wid-sec-w-2024-0500

Vulnerability from csaf_certbund

WID-SEC-W-2024-0500

Vulnerability from csaf_certbund

gsd-2021-46958

Vulnerability from gsd

fkie_cve-2021-46958

Vulnerability from fkie_nvd

ghsa-gmfg-g4f3-5fg9

Vulnerability from github

Tags

Sightings

Nomenclature