| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2021-47119: ext4: fix memory leak in ext4_fill_super |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| ext4: fix memory leak in ext4_fill_super |
| |
| Buffer head references must be released before calling kill_bdev(); |
| otherwise the buffer head (and its page referenced by b_data) will not |
| be freed by kill_bdev, and subsequently that bh will be leaked. |
| |
| If blocksizes differ, sb_set_blocksize() will kill current buffers and |
| page cache by using kill_bdev(). And then super block will be reread |
| again but using correct blocksize this time. sb_set_blocksize() didn't |
| fully free superblock page and buffer head, and being busy, they were |
| not freed and instead leaked. |
| |
| This can easily be reproduced by calling an infinite loop of: |
| |
| systemctl start <ext4_on_lvm>.mount, and |
| systemctl stop <ext4_on_lvm>.mount |
| |
| ... since systemd creates a cgroup for each slice which it mounts, and |
| the bh leak gets amplified by a dying memory cgroup that also never |
| gets freed, and memory consumption is much more easily noticed. |
| |
| The Linux kernel CVE team has assigned CVE-2021-47119 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 2.6.19 with commit ac27a0ec112a089f1a5102bc8dffc79c8c815571 and fixed in 5.10.43 with commit 01d349a481f0591230300a9171330136f9159bcd |
| Issue introduced in 2.6.19 with commit ac27a0ec112a089f1a5102bc8dffc79c8c815571 and fixed in 5.12.10 with commit 1385b23396d511d5233b8b921ac3058b3f86a5e1 |
| Issue introduced in 2.6.19 with commit ac27a0ec112a089f1a5102bc8dffc79c8c815571 and fixed in 5.13 with commit afd09b617db3786b6ef3dc43e28fe728cfea84df |
| |
| Please see https://www.kernel.org for a full list of kernel versions |
| currently supported by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2021-47119 |
| will be updated if fixes are backported; please check that for the most |
| up-to-date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| fs/ext4/super.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If, however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/01d349a481f0591230300a9171330136f9159bcd |
| https://git.kernel.org/stable/c/1385b23396d511d5233b8b921ac3058b3f86a5e1 |
| https://git.kernel.org/stable/c/afd09b617db3786b6ef3dc43e28fe728cfea84df |
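The version ranges under "Affected and fixed versions" can be turned into a quick triage check. The script below is an added example, not part of the advisory or of the kernel CVE team's tooling; the function name is hypothetical, and it assumes an unmodified kernel.org version string and only the ranges listed on this page (distribution kernels backport fixes without changing the upstream version).

```shell
#!/bin/sh
# Added example: classify an upstream kernel version against the ranges
# listed for CVE-2021-47119. Function name is hypothetical.

# Prints affected | fixed | not-affected | unknown, e.g. for "$(uname -r)".
cve_2021_47119_status() {
    case "$1" in
        *-rc*) echo unknown; return 2 ;;  # pre-releases are not in the listed ranges
    esac
    ver=${1%%[-+_]*}                      # 5.10.42-amd64 -> 5.10.42
    case "$ver" in
        ''|*[!0-9.]*|.*|*..*) echo unknown; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                           # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Introduced in 2.6.19: anything older predates the bug.
    if [ "$major" -lt 2 ] ||
       { [ "$major" -eq 2 ] && [ "$minor" -lt 6 ]; } ||
       { [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$patch" -lt 19 ]; }; then
        echo not-affected; return 0
    fi
    # Fixed in mainline 5.13 and every later release.
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 13 ]; }; then
        echo fixed; return 0
    fi
    # Fixed inside two stable series: 5.10.y from .43, 5.12.y from .10.
    fixed_from=
    if [ "$major" -eq 5 ]; then
        case "$minor" in
            10) fixed_from=43 ;;
            12) fixed_from=10 ;;
        esac
    fi
    if [ -n "$fixed_from" ] && [ "$patch" -ge "$fixed_from" ]; then
        echo fixed; return 0
    fi
    # Everything else from 2.6.19 on has no fix listed in the advisory.
    echo affected; return 1
}

# Stand-alone use: report on the running kernel.
cve_2021_47119_status "$(uname -r)" || true
```

A result of "affected" for a series with no fix listed (for example 5.11.y) reflects only this page; the CVE record linked above is the place to confirm later backports.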