PT-2024-11452 · Linux+2 · Linux Kernel+2

Valentin Vidic

Published

2021-10-18

Updated

2024-06-25

CVE-2021-47458

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.11 and later, built with CONFIG FORTIFY SOURCE, are affected.

Description The issue arises from the fact that strings for cluster stack and cluster name are not guaranteed to be null terminated in the disk representation, while the strlcpy function assumes that the source string is always null terminated. This causes a read outside of the source string, triggering the buffer overflow detection. The problem occurs when mounting an ocfs2 filesystem with either o2cb or pcmk cluster stack.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122CWE-120

Related Identifiers

BDU:2025-06022

CVE-2021-47458

OESA-2024-1692

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11452 · Linux+2 · Linux Kernel+2

CVE-2021-47458

Weakness Enumeration

Related Identifiers

Affected Products

References · 1583