PT-2024-11165 · Linux+1 · Linux Kernel+1

Josef Bacik

Published

2021-05-27

Updated

2024-06-24

CVE-2021-47113

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue occurs in the btrfs file system when a rename exchange operation fails to insert the second inode reference, resulting in a dangling inode reference and potential file system corruption. This happens because the inode reference for one side of the rename is inserted first, and if the insertion of the second inode reference fails, the first one is left dangling. The problem was uncovered through error injection stress testing. The fix involves aborting the operation if the insertion of the first inode reference is successful.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-13693

CVE-2021-47113

OESA-2024-1392

OESA-2024-1393

OPENSUSE-SU-2024_1642-1

SUSE-SU-2024:1642-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1645-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2184-1

Affected Products

Linux Kernel

Suse

PT-2024-11165 · Linux+1 · Linux Kernel+1

CVE-2021-47113

Weakness Enumeration

Related Identifiers

Affected Products

References · 891