The vulnerability, CVE-2021-47433, is a flaw in the Linux kernel's Btrfs file system. Specifically, it affects the `btrfs_replace_file_extents` function, which is responsible for replacing file extents (i.e., contiguous blocks of data on disk) with new ones.
Error injection testing revealed a scenario in which the file system can become corrupted, leaving a missing extent in the middle of a file. The cause is incorrect logic for deciding whether to abort the operation: the function aborts only if it receives an error code other than `-EOPNOTSUPP` and was called from the file clone code path. However, the preallocation code also uses this path, so the function should abort on any error, with the single exception of `-EOPNOTSUPP` when called from the file clone code.
The fix involves modifying the `btrfs_replace_file_extents` function to correctly handle errors and abort the operation in the affected scenarios. The fix has been applied to kernel versions 5.10.75, 5.14.14, and 5.15, with commits 0e32a2b85c7d, 0e309e1152fc, and 4afb912f439c, respectively.
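The abort decision described above can be modelled in user space to see exactly which cases the flawed rule let through. This is an added example, not the kernel's code: the `caller` enum, both predicate functions, and the sample error list are hypothetical names and constructed values chosen for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the two code paths named above (not kernel types). */
enum caller { CALLER_CLONE, CALLER_PREALLOC };

/* Flawed rule as described: abort only when the clone path
 * receives an error other than -EOPNOTSUPP. */
static bool should_abort_old(enum caller c, int ret)
{
    return c == CALLER_CLONE && ret != 0 && ret != -EOPNOTSUPP;
}

/* Corrected rule as described: abort on any error; the single
 * exception is -EOPNOTSUPP returned to the clone path. */
static bool should_abort_fixed(enum caller c, int ret)
{
    if (ret == 0)
        return false;
    return !(c == CALLER_CLONE && ret == -EOPNOTSUPP);
}

/* Count (caller, error) pairs where the old rule carries on without
 * aborting although the corrected rule aborts. */
static int count_missed_aborts(bool verbose)
{
    /* Constructed sample of return values, including success (0). */
    static const int errors[] = { 0, -EOPNOTSUPP, -ENOMEM, -EIO, -ENOSPC };
    static const enum caller callers[] = { CALLER_CLONE, CALLER_PREALLOC };
    int missed = 0;

    for (size_t i = 0; i < sizeof(callers) / sizeof(callers[0]); i++) {
        for (size_t j = 0; j < sizeof(errors) / sizeof(errors[0]); j++) {
            int ret = errors[j];
            if (should_abort_fixed(callers[i], ret) &&
                !should_abort_old(callers[i], ret)) {
                missed++;
                if (verbose)
                    printf("missed abort: caller=%s ret=%d\n",
                           callers[i] == CALLER_CLONE ? "clone" : "prealloc", ret);
            }
        }
    }
    return missed;
}

int main(void)
{
    printf("total missed aborts: %d\n", count_missed_aborts(true));
    return 0;
}
```

Every missed case belongs to the preallocation caller, which matches the description: under the old rule that path never aborted, whatever error it received.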