PT-2025-7949 · Linux+3 · Linux Kernel+3

Zhihao Cheng

Published

2025-02-26

Updated

2025-05-21

CVE-2021-47638

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-free issue has been identified in the Linux kernel, specifically in the ubifs module. The problem occurs when the rename whiteout operation fails due to a space budget issue, causing the whiteout ui->data to be freed twice. This is confirmed by KASAN reports, which indicate a double-free or invalid-free error in ubifs free inode. The issue arises from the rename whiteout process, where whiteout ui->data is allocated and then freed, but also freed again in ubifs free inode. The estimated number of potentially affected devices is not provided.

Recommendations To resolve the issue, let ubifs free inode() free whiteout ui->data. Additionally, remove the unused assignment whiteout ui->data len = 0, as it is not needed in the ubifs evict inode() process.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2021-47638

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-7949 · Linux+3 · Linux Kernel+3

CVE-2021-47638

Weakness Enumeration

Related Identifiers

Affected Products

References · 1337