CVE-2021-47366

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to corruption in reads at file positions between 2G and 4G from an OpenAFS server. This occurs because the Linux afs client switches between two data fetch RPC variants, FS.FetchData and FS.FetchData64, based on the read size, file position, or the sum of the two having the upper 32 bits set of the 64-bit value. However, the file position and length fields of FS.FetchData are signed 32-bit values, which causes the problem. The fix involves capturing the capability bits obtained from the fileserver and using the VICED CAPABILITY 64BITFILES flag to decide whether to use FS.FetchData or FS.FetchData64. This issue does not exist with FS.StoreData, which uses unsigned 32-bit values, or with Auristor servers that use unsigned 64-bit values for YFS.FetchData64.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.