fkie_cve-2021-47458
Vulnerability from fkie_nvd
Published
2024-05-22 07:15
Modified
2024-11-21 06:36
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that strings for cluster stack and cluster name are not guaranteed to be null terminated in the disk representation, while strlcpy assumes that the source string is always null terminated. This causes a read outside of the source string triggering the buffer overflow detection. detected buffer overflow in strlen ------------[ cut here ]------------ kernel BUG at lib/string.c:1149! invalid opcode: 0000 [#1] SMP PTI CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1 Debian 5.14.6-2 RIP: 0010:fortify_panic+0xf/0x11 ... Call Trace: ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2] ocfs2_fill_super+0x359/0x19b0 [ocfs2] mount_bdev+0x185/0x1b0 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 path_mount+0x454/0xa20 __x64_sys_mount+0x103/0x140 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: mount fails with buffer overflow in strlen\n\nStarting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an\nocfs2 filesystem with either o2cb or pcmk cluster stack fails with the\ntrace below.  Problem seems to be that strings for cluster stack and\ncluster name are not guaranteed to be null terminated in the disk\nrepresentation, while strlcpy assumes that the source string is always\nnull terminated.  This causes a read outside of the source string\ntriggering the buffer overflow detection.\n\n  detected buffer overflow in strlen\n  ------------[ cut here ]------------\n  kernel BUG at lib/string.c:1149!\n  invalid opcode: 0000 [#1] SMP PTI\n  CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1\n    Debian 5.14.6-2\n  RIP: 0010:fortify_panic+0xf/0x11\n  ...\n  Call Trace:\n   ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]\n   ocfs2_fill_super+0x359/0x19b0 [ocfs2]\n   mount_bdev+0x185/0x1b0\n   legacy_get_tree+0x27/0x40\n   vfs_get_tree+0x25/0xb0\n   path_mount+0x454/0xa20\n   __x64_sys_mount+0x103/0x140\n   do_syscall_64+0x3b/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ocfs2: el montaje falla con desbordamiento del búfer en strlen. A partir del kernel 5.11 compilado con CONFIG_FORTIFY_SOURCE, la conexión de un sistema de archivos ocfs2 con una pila de clúster o2cb o pcmk falla con el siguiente seguimiento. El problema parece ser que no se garantiza que las cadenas para la pila del clúster y el nombre del clúster tengan terminación nula en la representación del disco, mientras que strlcpy supone que la cadena de origen siempre termina en nulo. Esto provoca una lectura fuera de la cadena de origen que activa la detección de desbordamiento del búfer. se detectó desbordamiento del búfer en strlen ------------[ cortar aquí ]------------ ¡ERROR del kernel en lib/string.c:1149! código de operación no válido: 0000 [#1] SMP PTI CPU: 1 PID: 910 Comm: mount.ocfs2 No contaminado 5.14.0-1-amd64 #1 Debian 5.14.6-2 RIP: 0010:fortify_panic+0xf/0x11... Seguimiento de llamadas: ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2] ocfs2_fill_super+0x359/0x19b0 [ocfs2] mount_bdev+0x185/0x1b0 Legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 xa20 __x64_sys_mount+0x103/0x140 do_syscall_64+0x3b/0xc0 entrada_SYSCALL_64_after_hwframe+0x44/0xae",
      },
   ],
   id: "CVE-2021-47458",
   lastModified: "2024-11-21T06:36:11.440",
   metrics: {},
   published: "2024-05-22T07:15:10.780",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/0e677ea5b7396f715a76b6b0ef441430e4c4b57f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/232ed9752510de4436468b653d145565669c8498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/4b74ddcc22ee6455946e80a9c4808801f8f8561e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/7623b1035ca2d17bde0f6a086ad6844a34648df1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/93be0eeea14cf39235e585c8f56df3b3859deaad",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/b15fa9224e6e1239414525d8d556d824701849fc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/d3a83576378b4c904f711598dde2c5e881c4295c",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Awaiting Analysis",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.