PT-2021-8270 · Linux+2 · Linux Kernel+2
Jouni Roivas · Published 2021-05-14 · Updated 2024-11-04 · CVE-2021-46989
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in the hfsplus_file_truncate() function of the Linux kernel, which can cause corruption and data loss when a shrinking truncate ends in the middle of an extent record. The problem occurs because the call to hfs_brec_remove() is not properly guarded, so the last matching extent record is removed unconditionally. To reproduce the issue, create a file with at least 10 extents and perform a shrinking truncate into the middle of the last extent record, so that the number of remaining extents is neither under 8 nor divisible by 8. The fix checks whether the new truncated end is below the start of the extent record, in which case it is safe to remove the full extent record.
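The record-removal decision described above, as a simplified user-space model (an added example, not the kernel's code or the upstream patch). It assumes every extent is 4 blocks long and that the first record is never removed; truncate_model, blocks_lost and the constants are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

#define EXTENTS_PER_RECORD 8  /* an HFS+ extent record holds 8 extents */
#define BLOCKS_PER_EXTENT  4  /* constructed: every extent is 4 blocks long */
#define RECORD_BLOCKS (EXTENTS_PER_RECORD * BLOCKS_PER_EXTENT)

/*
 * Hypothetical model of a shrinking truncate from alloc_cnt to blk_cnt blocks.
 * Walks the extent records from the end of the file backwards and returns how
 * many blocks are still mapped afterwards. guarded=false removes every record
 * it visits (the bug); guarded=true removes a record only when the new end is
 * at or below the record's first block (the fix).
 */
static unsigned truncate_model(unsigned alloc_cnt, unsigned blk_cnt, bool guarded)
{
    /* The first record is not an overflow record and is never removed. */
    unsigned first_blocks = alloc_cnt < RECORD_BLOCKS ? alloc_cnt : RECORD_BLOCKS;
    unsigned mapped = blk_cnt;

    while (alloc_cnt > first_blocks) {
        /* First block covered by the record holding the current last extent. */
        unsigned start = ((alloc_cnt - 1) / RECORD_BLOCKS) * RECORD_BLOCKS;
        bool remove_record = guarded ? (blk_cnt <= start) : true;

        if (remove_record && blk_cnt > start)
            mapped = start;  /* record dropped while it still held live extents */
        if (blk_cnt > start)
            break;           /* new end lies inside this record: stop here */
        alloc_cnt = start;   /* whole record gone, continue with the previous one */
    }
    return mapped;
}

/* Blocks the caller asked to keep but that are no longer mapped. */
static unsigned blocks_lost(unsigned alloc_cnt, unsigned blk_cnt, bool guarded)
{
    return blk_cnt - truncate_model(alloc_cnt, blk_cnt, guarded);
}

int main(void)
{
    /* 10 extents (40 blocks) truncated to 9 extents (36 blocks). */
    printf("unguarded: lost %u blocks\n", blocks_lost(40, 36, false));
    printf("guarded:   lost %u blocks\n", blocks_lost(40, 36, true));
    return 0;
}
```

Truncating to exactly 8 extents or fewer loses nothing in either variant, which is why the reproduction needs a remaining extent count that is neither under 8 nor divisible by 8.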
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse