CVE-2021-47433 in Linux

Summary

by MITRE • 05/22/2024

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix abort logic in btrfs_replace_file_extents

Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide if we should abort is wrong.

The only way we would abort in this case is if we got a ret != -EOPNOTSUPP and we called from the file clone code. However the prealloc code uses this path too. Instead we need to abort if there is an error, and the only error we _don't_ abort on is -EOPNOTSUPP and only if we came from the clone file code.

Analysis

by VulDB Data Team • 09/25/2025

The vulnerability CVE-2021-47433 represents a critical flaw in the Linux kernel's btrfs file system implementation that affects the btrfs_replace_file_extents function. This issue stems from incorrect abort logic within the kernel's file system management code, specifically when handling extent replacement operations. The flaw was identified through systematic error injection testing which revealed a scenario where file system corruption could occur due to missing extents in the middle of files. The vulnerability demonstrates a fundamental logic error in how the kernel determines when to abort file system operations during extent replacement processes.

The technical root cause lies in the flawed conditional statement that governs when the btrfs file system should abort operations during extent replacement. The original implementation incorrectly evaluated error conditions, specifically failing to properly distinguish between different error types and calling contexts. The logic only considered aborting operations when encountering errors other than -EOPNOTSUPP, but only in the context of file clone operations. This oversight meant that when the preallocation code path also utilized the same function, errors would be mishandled and potentially lead to file system corruption. The flaw represents a classic case of improper error handling and context awareness in kernel space code, where the same code path was being used for multiple operations but the abort conditions were not properly differentiated.

The operational impact of this vulnerability is severe as it can lead to complete file system corruption with missing data extents, potentially resulting in data loss and system instability. When the btrfs file system encounters certain error conditions during extent replacement, particularly in scenarios involving file cloning or preallocation operations, the system may continue processing instead of properly aborting, leading to inconsistent file system states. This type of corruption can affect critical system files, user data, and application functionality, potentially requiring complete file system restoration or system reinstallation. The vulnerability affects systems running Linux kernels with btrfs file systems, particularly those utilizing file cloning or preallocation features.

Mitigation strategies for CVE-2021-47433 involve updating to kernel versions that contain the patched implementation of btrfs_replace_file_extents. The fix corrects the abort logic to properly handle all error conditions while maintaining appropriate behavior for different calling contexts. System administrators should prioritize kernel updates, particularly for production environments where btrfs file systems are in use. Additionally, organizations should implement monitoring for file system corruption indicators and maintain regular backup procedures to protect against potential data loss. The vulnerability aligns with CWE-755 (Improper Handling of Exceptional Conditions) and represents a failure in proper error propagation and recovery mechanisms. From an ATT&CK perspective, this vulnerability could be exploited to achieve persistence through file system corruption or to cause denial of service conditions, though the primary risk is data integrity compromise rather than direct execution or privilege escalation.
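
The abort decision described in the summary and root-cause analysis above, modelled as two predicates. This is an added example and not the kernel's source: the `caller` enum, the function names and the sample return values are hypothetical, and it assumes a return value of 0 means success.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical tags for the two callers that share the extent-replace path. */
enum caller { CALLER_CLONE, CALLER_PREALLOC };

/* Pre-fix rule as the summary describes it: abort only when the caller is
 * the clone code and the error is something other than -EOPNOTSUPP. */
static bool should_abort_before(int ret, enum caller who)
{
    return ret != 0 && ret != -EOPNOTSUPP && who == CALLER_CLONE;
}

/* Post-fix rule: abort on any error; the single exemption is -EOPNOTSUPP
 * reported to the clone caller. */
static bool should_abort_fixed(int ret, enum caller who)
{
    return ret != 0 && !(ret == -EOPNOTSUPP && who == CALLER_CLONE);
}

/* Constructed sample of return values (assumption: 0 means success). */
static const int sample_rets[] = { 0, -EOPNOTSUPP, -EIO, -ENOMEM };

/* Count (caller, error) pairs the old rule let through without an abort. */
static int missed_aborts(void)
{
    int missed = 0;
    for (int who = CALLER_CLONE; who <= CALLER_PREALLOC; who++)
        for (size_t i = 0; i < sizeof(sample_rets) / sizeof(sample_rets[0]); i++)
            if (should_abort_fixed(sample_rets[i], (enum caller)who) &&
                !should_abort_before(sample_rets[i], (enum caller)who))
                missed++;
    return missed;
}

int main(void)
{
    static const char *names[] = { "clone", "prealloc" };
    for (int who = CALLER_CLONE; who <= CALLER_PREALLOC; who++)
        for (size_t i = 0; i < sizeof(sample_rets) / sizeof(sample_rets[0]); i++)
            printf("%-8s ret=%4d before=%d fixed=%d\n", names[who],
                   sample_rets[i],
                   should_abort_before(sample_rets[i], (enum caller)who),
                   should_abort_fixed(sample_rets[i], (enum caller)who));
    printf("missed aborts under old rule: %d\n", missed_aborts());
    return 0;
}
```

Every row where the two columns differ belongs to the preallocation caller, which is the path the old condition never aborted on.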

Reservation: 05/21/2024

Disclosure: 05/22/2024

Moderation: accepted

CPE: ready

EPSS: 0.00254

KEV: no

Activities: very low
