CVE-2021-47646

Summary

In the Linux kernel, the following vulnerability has been resolved:

Revert "Revert "block, bfq: honor already-setup queue merges""

A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fixed by commit d29bd41428cf ("block, bfq: reset last_bfqq_created on group change").

So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges") out. This commit restores it.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < f990f0985eda59d4f29fc83fcf300c92b1225d39affected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < 931aff627469a75c77b9fd3823146d0575afffd6affected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < cc051f497eac9d8a0d816cd4bffa3415f2724871affected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < 65d8a737452e88f251fe5d925371de6d606df613affected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < abc2129e646af7b43025d90a071f83043f1ae76caffected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < 4083925bd6dc89216d156474a8076feec904e607affected
LinuxLinuxaee69d78dec0ffdf82e35d57c626e80dddc314d5 < 15729ff8143f8135b03988a100a19e66d7cb7ecdaffected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux4.19.238 <= 4.19.*unaffected
LinuxLinux5.4.189 <= 5.4.*unaffected
LinuxLinux5.10.110 <= 5.10.*unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References