PT-2024-11090 · Linux · Linux Kernel
Chao Yu · Published 2021-05-11 · Updated 2024-12-31 · CVE-2021-46982
CVSS v3.1: 4.7 (Medium)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.12.0-rc1-custom #1
Description
The issue is caused by a race condition between truncate and overwrite operations in the f2fs compress functionality. A page can be detached from the mapping tree by a truncation, after which a later find_lock_page() may return a NULL pointer. The root cause is that truncate() may race with an overwrite, so the single reference count held on the page does not guarantee that the page stays attached to the mapping tree for the whole operation. The functions involved in the race are:
- prepare_compress_overwrite
- f2fs_pagecache_get_page
- unlock_page
- f2fs_setattr
- truncate_setsize
- truncate_inode_page
- delete_from_page_cache
- find_lock_page
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel