PT-2024-8949 · Linux+7 · Linux Kernel+7

Hao Sun

Published

2024-05-22

Updated

2025-01-24

CVE-2021-47491

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the Linux kernel's khugepaged component, which is responsible for managing huge pages. The read-only THP (Transparent Huge Pages) for filesystems can collapse THP for files opened readonly and mapped with VM EXEC, but it does not restrict file types. This can cause bugs if a THP is collapsed for a non-regular file, such as a block device, when it is opened readonly and mapped with EXEC permission. The intended use case is to avoid TLB misses for large text segments, but the current implementation may lead to issues.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

BDU:2024-10630

CESA-2024_5101

CESA-2024_5102

CVE-2021-47491

INFSA-2024_5101

INFSA-2024_5102

OPENSUSE-SU-2024_2189-1

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2025:0231-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2024-8949 · Linux+7 · Linux Kernel+7

CVE-2021-47491

Weakness Enumeration

Related Identifiers

Affected Products

References · 1796