Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2021 / CVE-2021-47256.json
blob: 5ecfaab3464f8475a921ba3b3cf2887ef88c852f [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: make sure wait for page writeback in memory_failure\n\nOur syzkaller trigger the \"BUG_ON(!list_empty(&inode->i_wb_list))\" in\nclear_inode:\n\n kernel BUG at fs/inode.c:519!\n Internal error: Oops - BUG: 0 [#1] SMP\n Modules linked in:\n Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7)\n CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95\n Hardware name: linux,dummy-virt (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO)\n pc : clear_inode+0x280/0x2a8\n lr : clear_inode+0x280/0x2a8\n Call trace:\n clear_inode+0x280/0x2a8\n ext4_clear_inode+0x38/0xe8\n ext4_free_inode+0x130/0xc68\n ext4_evict_inode+0xb20/0xcb8\n evict+0x1a8/0x3c0\n iput+0x344/0x460\n do_unlinkat+0x260/0x410\n __arm64_sys_unlinkat+0x6c/0xc0\n el0_svc_common+0xdc/0x3b0\n el0_svc_handler+0xf8/0x160\n el0_svc+0x10/0x218\n Kernel panic - not syncing: Fatal exception\n\nA crash dump of this problem show that someone called __munlock_pagevec\nto clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap\n-> munlock_vma_pages_range -> __munlock_pagevec.\n\nAs a result memory_failure will call identify_page_state without\nwait_on_page_writeback. And after truncate_error_page clear the mapping\nof this page. end_page_writeback won't call sb_clear_inode_writeback to\nclear inode->i_wb_list. That will trigger BUG_ON in clear_inode!\n\nFix it by checking PageWriteback too to help determine should we skip\nwait_on_page_writeback."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"mm/memory-failure.c"
],
"versions": [
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "d05267fd27a5c4f54e06daefa3035995d765ca0c",
"status": "affected",
"versionType": "git"
},
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "6d210d547adc2218ef8b5bcf23518c5f2f1fd872",
"status": "affected",
"versionType": "git"
},
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "566345aaabac853aa866f53a219c4b02a6beb527",
"status": "affected",
"versionType": "git"
},
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "9e379da727a7a031be9b877cde7b9c34a0fb8306",
"status": "affected",
"versionType": "git"
},
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "28788dc5c70597395b6b451dae4549bbaa8e2c56",
"status": "affected",
"versionType": "git"
},
{
"version": "0bc1f8b0682caa39f45ce1e0228ebf43acb46111",
"lessThan": "e8675d291ac007e1c636870db880f837a9ea112a",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"mm/memory-failure.c"
],
"versions": [
{
"version": "3.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.238",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.196",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.128",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.46",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.12.13",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "4.14.238"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "4.19.196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "5.4.128"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "5.10.46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "5.12.13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "5.13"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/d05267fd27a5c4f54e06daefa3035995d765ca0c"
},
{
"url": "https://git.kernel.org/stable/c/6d210d547adc2218ef8b5bcf23518c5f2f1fd872"
},
{
"url": "https://git.kernel.org/stable/c/566345aaabac853aa866f53a219c4b02a6beb527"
},
{
"url": "https://git.kernel.org/stable/c/9e379da727a7a031be9b877cde7b9c34a0fb8306"
},
{
"url": "https://git.kernel.org/stable/c/28788dc5c70597395b6b451dae4549bbaa8e2c56"
},
{
"url": "https://git.kernel.org/stable/c/e8675d291ac007e1c636870db880f837a9ea112a"
}
],
"title": "mm/memory-failure: make sure wait for page writeback in memory_failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47256",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}