The vulnerability is a buffer overflow in the `strlen` function that occurs when mounting an ocfs2 filesystem with either the o2cb or the pcmk cluster stack. The strings for cluster stack and cluster name are not guaranteed to be null-terminated in their on-disk representation, while `strlcpy` assumes that its source string is always null-terminated.
When this occurs, the read past the end of the source string trips the kernel's buffer overflow detection and is reported as a kernel bug. The issue has been resolved in various Linux kernel versions, including 4.4.290, 4.9.288, 4.14.253, 4.19.214, 5.4.156, 5.10.76, and 5.14.15.
The affected file is `fs/ocfs2/super.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as many other bugfixes. If updating is impossible, individual changes can be found in specific commits on the Git kernel repository.
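
The over-read described above can be modelled in userspace. This is an added example, not kernel code and not from the original page: the record layout, the field widths (`STACK_LEN`, `NAME_LEN`), the sample bytes and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STACK_LEN 4    /* assumed width of the on-disk stack field */
#define NAME_LEN  16   /* assumed width of the on-disk name field */

/* Constructed on-disk record: stack field, name field, then one NUL byte.
 * Both fields are completely filled, so neither ends in a NUL. */
static const unsigned char disk[STACK_LEN + NAME_LEN + 1] =
    "pcmk" "constructed-name";

/* Model of strlcpy(): it returns strlen(src), so it walks the source until
 * it meets a NUL, no matter how small dst is. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);               /* unbounded source read */
    if (size == 0)
        return len;
    size_t n = len < size - 1 ? len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* Bounded copy: never looks beyond field_len bytes of the source. */
static size_t copy_field(char *dst, const unsigned char *field, size_t field_len)
{
    size_t n = 0;
    while (n < field_len && field[n] != '\0')
        n++;
    memcpy(dst, field, n);                  /* dst must hold field_len + 1 */
    dst[n] = '\0';
    return n;
}

/* Source length each approach measures for the STACK_LEN-byte field. */
static size_t unbounded_source_len(char *dst)
{
    return model_strlcpy(dst, (const char *)disk, STACK_LEN + 1);
}

static size_t bounded_source_len(char *dst)
{
    return copy_field(dst, disk, STACK_LEN);
}

int main(void)
{
    char a[STACK_LEN + 1], b[STACK_LEN + 1];
    printf("strlcpy model: %zu, bounded: %zu\n",
           unbounded_source_len(a), bounded_source_len(b));
    return 0;
}
```

Both copies produce the same destination string, which is why the defect stays invisible until something checks the source read: the `strlcpy` model has walked through the whole neighbouring field to find a terminator, while the bounded copy stops at the field boundary.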