PT-2021-4245 · Linux+7 · Linux Kernel+7
Published
2021-08-30
·
Updated
2023-08-14
·
CVE-2021-40490
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions up to 5.13.13
Description
A race condition was discovered in the
ext4 write inline data end function in the ext4 subsystem. This issue may allow an attacker to impact the integrity, availability, and confidentiality of data. The vulnerability is caused by concurrent execution using a shared resource with incorrect synchronization, leading to a race condition.Recommendations
For Linux kernel versions up to 5.13.13, update to a version later than 5.13.13 to resolve the issue. As a temporary workaround, consider restricting access to the
ext4 write inline data end function in the fs/ext4/inline.c file to minimize the risk of exploitation.Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu