| The Linux kernel vulnerability CVE-2021-47066 affects the async_xor function, which is used for calculating XOR values in RAID configurations. The issue arises when dropping a destination page, specifically in RMW (Read-Modify-Write) mode, where the parity page is used as a source page. In this scenario, the `ASYNC_TX_XOR_DROP_DST` flag is set before calculating the XOR value, but only the `src_list` is updated, not the `src_offs`. This leads to incorrect calculation of the XOR value, resulting in data corruption. |
| |
| The vulnerability was introduced in Linux kernel version 5.10 with commit 29bcff787a25 and has been fixed in various versions, including 5.10.37, 5.11.21, 5.12.4, and 5.13. The affected file is `crypto/async_tx/async_xor.c`. |
| |
| The vulnerability can be reproduced on a POWER8 machine by creating an MD RAID device with three disks, formatting it with XFS, mounting it, and then attempting to mount it again, which will fail with a "Structure needs cleaning" error. |
| |
| The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue. If updating is not possible, individual changes can be cherry-picked from the specified commits, but this approach is not recommended or supported by the Linux kernel community. |
| |
