CVE-2021-47117 in Linuxinfo

Summary

by MITRE • 03/15/2024

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed

We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762!
[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP
...... [130747.334329] Call trace:
[130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4]
[130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]
[130747.335368] ext4_find_extent+0x300/0x330 [ext4]
[130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4]
[130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4]
[130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4]
[130747.336995] ext4_readpage+0x54/0x100 [ext4]
[130747.337359] generic_file_buffered_read+0x410/0xae8
[130747.337767] generic_file_read_iter+0x114/0x190
[130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4]
[130747.338556] __vfs_read+0x11c/0x188
[130747.338851] vfs_read+0x94/0x150
[130747.339110] ksys_read+0x74/0xf0

This patch's modification is according to Jan Kara's suggestion in: https://patchwork.ozlabs.org/project/linux-ext4/patch/[email protected]/ "I see. Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has failed in the middle, I would probably go even further and make sure we fix the tree properly in case of ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not create overlapping extents)."

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/21/2025

The vulnerability CVE-2021-47117 represents a critical kernel-level bug in the linux ext4 filesystem implementation that manifests as a kernel oops and potential system crash. This flaw occurs within the ext4_es_cache_extent function in the extents_status.c file at line 762, where a kernel BUG condition is triggered during filesystem stress testing with injected I/O faults. The issue specifically arises when the ext4_split_extent_at function fails during extent splitting operations, leaving the extent tree in an inconsistent state that cannot be properly handled by subsequent cache operations.

The technical root cause involves improper error handling within the extent management subsystem of the ext4 filesystem driver. When ext4_split_extent_at encounters failure conditions such as ENOSPC or EDQUOT errors during extent splitting, the function does not properly maintain the integrity of the extent tree structure. This failure condition causes the ext4_es_cache_extent function to attempt operations on corrupted or partially updated extent entries, resulting in the kernel BUG at the specified memory location. The call trace demonstrates the execution path leading to the failure, showing the cascade from read operations through the generic file I/O layers down to the ext4 filesystem implementation where the actual bug occurs.

The operational impact of this vulnerability is significant as it can lead to complete system crashes and potential data corruption during normal filesystem operations. The vulnerability is particularly dangerous because it can be triggered through standard filesystem stress testing scenarios using fsstress tools with I/O fault injection, making it exploitable in environments where such testing is performed. When the kernel oops occurs, it typically results in a system panic requiring manual reboot, potentially causing data loss or service disruption. The vulnerability affects systems running affected kernel versions where the ext4 filesystem is used for storage operations, with the risk increasing during high I/O load conditions or when filesystem fragmentation is present.

Mitigation strategies for this vulnerability include applying the official kernel patch that addresses the specific extent tree corruption issue during split operations. The fix implements more robust error handling that prevents attempts to modify corrupted extent structures when split operations fail, aligning with the suggested approach from Jan Kara that recommends leaving the extent tree in an inconsistent state rather than attempting to fix it, which could create overlapping extents. System administrators should prioritize updating to kernel versions containing the fix, particularly those using ext4 filesystems under heavy I/O workloads. Additionally, monitoring for kernel oops messages and implementing proper system crash recovery procedures can help detect early signs of this vulnerability in environments where patching may not be immediately possible. This vulnerability aligns with CWE-691 and ATT&CK techniques related to kernel exploitation and privilege escalation through filesystem vulnerabilities.

Reservation

03/04/2024

Disclosure

03/15/2024

Moderation

accepted

CPE

ready

EPSS

0.00240

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!