CVE-2021-47340

Summary

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix GPF in diFree

Avoid passing inode with JFS_SBI(inode->i_sb)->ipimap == NULL to diFree()[1]. GFP will appear:

struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap;
struct inomap *imap = JFS_IP(ipimap)->i_imap;

JFS_IP() will return invalid pointer when ipimap == NULL

Call Trace: diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1] jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154 evict+0x2ed/0x750 fs/inode.c:578 iput_final fs/inode.c:1654 [inline] iput.part.0+0x3fe/0x820 fs/inode.c:1680 iput+0x58/0x70 fs/inode.c:1670

Affected Software

VendorProductVersion RangeStatus
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 7bde24bde490f3139eee147efc6d60d6040fe975affected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 745c9a59422c63f661f4374ed5181740db4130a1affected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 49def1b0644892e3b113673c13d650c3060b43bcaffected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < aff8d95b69051d0cf4acc3d91f22299fdbb9dfb3affected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < a21e5cb1a64c904f1f0ef7b2d386fc7d2b1d2ce2affected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 8018936950360f1c503bb385e158cfc5e4945d18affected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 3bb27e27240289b47d3466f647a55c567adbdc3aaffected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 42f102ea1943ecb10a0756bf75424de5d1d5beedaffected
LinuxLinux62aff86fdf18657d9eca7878654415f94f16d027 < 9d574f985fe33efd6911f4d752de6f485a1ea732affected
LinuxLinux2.6.36affected
LinuxLinux0 < 2.6.36unaffected
LinuxLinux4.4.276 <= 4.4.*unaffected
LinuxLinux4.9.276 <= 4.9.*unaffected
LinuxLinux4.14.240 <= 4.14.*unaffected
LinuxLinux4.19.198 <= 4.19.*unaffected
LinuxLinux5.4.133 <= 5.4.*unaffected
LinuxLinux5.10.51 <= 5.10.*unaffected
LinuxLinux5.12.18 <= 5.12.*unaffected
LinuxLinux5.13.3 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References