Linux Kernel up to 5.11.19/5.12/5.12.2 ext4 /dev/sda ext4_abort denial of service

Summaryinfo

A vulnerability classified as critical has been found in Linux Kernel up to 5.11.19/5.12/5.12.2. Affected by this vulnerability is the function ext4_abort of the file /dev/sda of the component ext4. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2021-46945. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Linux Kernel up to 5.11.19/5.12/5.12.2 (Operating System). This affects the function ext4_abort of the file /dev/sda of the component ext4. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sda -o remount,abort test After commit 014c9caa29d3, remounting a file system using the test mount option "abort" will no longer trigger a panic. This commit will restore the behaviour immediately before commit 014c9caa29d3. (However, note that the Linux kernel's behavior has not been consistent; some previous kernel versions, including 5.4 and 4.19 similarly did not panic after using the mount option "abort".) This also makes a change to long-standing behaviour; namely, the following series commands will now cause a panic, when previously it did not: 1. mount /dev/sda -o ro,errors=panic test 2. echo test > /sys/fs/ext4/sda/trigger_fs_error However, this makes ext4's behaviour much more consistent, so this is a good thing.

The weakness was published 02/27/2024. The advisory is shared at git.kernel.org. This vulnerability is uniquely identified as CVE-2021-46945 since 02/25/2024. Technical details are known, but no exploit is available.

Upgrading to version 5.11.20, 5.12.3 or 5.13 eliminates this vulnerability. Applying the patch 64e1eebe2131/1e9ea8f46370/ac2f7ca51b09 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.5
• 5.6
• 5.7
• 5.8
• 5.9
• 5.10
• 5.11
• 5.11.0
• 5.11.1
• 5.11.2
• 5.11.3
• 5.11.4
• 5.11.5
• 5.11.6
• 5.11.7
• 5.11.8
• 5.11.9
• 5.11.10
• 5.11.11
• 5.11.12
• 5.11.13
• 5.11.14
• 5.11.15
• 5.11.16
• 5.11.17
• 5.11.18
• 5.11.19
• 5.12
• 5.12.0
• 5.12.1
• 5.12.2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion