cve/published/2021/CVE-2021-47343.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: assign new_root only when removal succeeds\n\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\n\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\n\n  general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n  CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\n  Hardware name: QEMU Standard PC\n  RIP: 0010:metadata_ll_load_ie+0x14/0x30\n  Call Trace:\n   sm_metadata_count_is_more_than_one+0xb9/0xe0\n   dm_tm_shadow_block+0x52/0x1c0\n   shadow_step+0x59/0xf0\n   remove_raw+0xb2/0x170\n   dm_btree_remove+0xf4/0x1c0\n   dm_pool_delete_thin_device+0xc3/0x140\n   pool_message+0x218/0x2b0\n   target_message+0x251/0x290\n   ctl_ioctl+0x1c4/0x4d0\n   dm_ctl_ioctl+0xe/0x20\n   __x64_sys_ioctl+0x7b/0xb0\n   do_syscall_64+0x40/0xb0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFixing it by only assign new_root when removal succeeds"
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/md/persistent-data/dm-btree-remove.c"
                ],
                "versions": [
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "4c84b3e0728ffe10d89c633694c35a02b5c477dc",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "c154775619186781aaf8a99333ac07437a1768d5",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "73f27adaa73e3057a9ec464e33c4f54d34ea5de3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "8fbae4a1bdb5b889490cdee929e68540151536e5",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "964d57d1962d7e68f0f578f05d9ae4a104d74851",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "ba47e65a5de3e0e8270301a409fc63d3129fdb9e",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "89bf942314b78d454db92427201421b5dec132d9",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "ad365e9351ac2b450e7e79932ff6abf59342d91a",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                      "lessThan": "b6e58b5466b2959f83034bead2e2e1395cca8aeb",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/md/persistent-data/dm-btree-remove.c"
                ],
                "versions": [
                   {
                      "version": "4.4.276",
                      "lessThanOrEqual": "4.4.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "4.9.276",
                      "lessThanOrEqual": "4.9.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "4.14.240",
                      "lessThanOrEqual": "4.14.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "4.19.198",
                      "lessThanOrEqual": "4.19.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.4.133",
                      "lessThanOrEqual": "5.4.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.10.51",
                      "lessThanOrEqual": "5.10.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.12.18",
                      "lessThanOrEqual": "5.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.13.3",
                      "lessThanOrEqual": "5.13.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.14",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "4.4.276"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "4.9.276"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "4.14.240"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "4.19.198"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.4.133"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.10.51"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.12.18"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.13.3"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionEndExcluding": "5.14"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"
             },
             {
                "url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"
             },
             {
                "url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"
             },
             {
                "url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"
             },
             {
                "url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"
             },
             {
                "url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"
             },
             {
                "url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"
             },
             {
                "url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"
             },
             {
                "url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"
             }
          ],
          "title": "dm btree remove: assign new_root only when removal succeeds",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2021-47343",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: assign new_root only when removal succeeds\n\nremove_raw() in dm_btree_remove() may fail due to IO read error\n(e.g. read the content of origin block fails during shadowing),\nand the value of shadow_spine::root is uninitialized, but\nthe uninitialized value is still assign to new_root in the\nend of dm_btree_remove().\n\nFor dm-thin, the value of pmd->details_root or pmd->root will become\nan uninitialized value, so if trying to read details_info tree again\nout-of-bound memory may occur as showed below:\n\n general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6\n Hardware name: QEMU Standard PC\n RIP: 0010:metadata_ll_load_ie+0x14/0x30\n Call Trace:\n sm_metadata_count_is_more_than_one+0xb9/0xe0\n dm_tm_shadow_block+0x52/0x1c0\n shadow_step+0x59/0xf0\n remove_raw+0xb2/0x170\n dm_btree_remove+0xf4/0x1c0\n dm_pool_delete_thin_device+0xc3/0x140\n pool_message+0x218/0x2b0\n target_message+0x251/0x290\n ctl_ioctl+0x1c4/0x4d0\n dm_ctl_ioctl+0xe/0x20\n __x64_sys_ioctl+0x7b/0xb0\n do_syscall_64+0x40/0xb0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFixing it by only assign new_root when removal succeeds"
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/md/persistent-data/dm-btree-remove.c"
	],
	"versions": [
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "4c84b3e0728ffe10d89c633694c35a02b5c477dc",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "c154775619186781aaf8a99333ac07437a1768d5",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "73f27adaa73e3057a9ec464e33c4f54d34ea5de3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "8fbae4a1bdb5b889490cdee929e68540151536e5",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "964d57d1962d7e68f0f578f05d9ae4a104d74851",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "ba47e65a5de3e0e8270301a409fc63d3129fdb9e",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "89bf942314b78d454db92427201421b5dec132d9",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "ad365e9351ac2b450e7e79932ff6abf59342d91a",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
	"lessThan": "b6e58b5466b2959f83034bead2e2e1395cca8aeb",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/md/persistent-data/dm-btree-remove.c"
	],
	"versions": [
	{
	"version": "4.4.276",
	"lessThanOrEqual": "4.4.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "4.9.276",
	"lessThanOrEqual": "4.9.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "4.14.240",
	"lessThanOrEqual": "4.14.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "4.19.198",
	"lessThanOrEqual": "4.19.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.4.133",
	"lessThanOrEqual": "5.4.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.10.51",
	"lessThanOrEqual": "5.10.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.12.18",
	"lessThanOrEqual": "5.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.13.3",
	"lessThanOrEqual": "5.13.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.14",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "4.4.276"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "4.9.276"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "4.14.240"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "4.19.198"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.4.133"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.10.51"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.12.18"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.13.3"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionEndExcluding": "5.14"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc"
	},
	{
	"url": "https://git.kernel.org/stable/c/c154775619186781aaf8a99333ac07437a1768d5"
	},
	{
	"url": "https://git.kernel.org/stable/c/73f27adaa73e3057a9ec464e33c4f54d34ea5de3"
	},
	{
	"url": "https://git.kernel.org/stable/c/8fbae4a1bdb5b889490cdee929e68540151536e5"
	},
	{
	"url": "https://git.kernel.org/stable/c/964d57d1962d7e68f0f578f05d9ae4a104d74851"
	},
	{
	"url": "https://git.kernel.org/stable/c/ba47e65a5de3e0e8270301a409fc63d3129fdb9e"
	},
	{
	"url": "https://git.kernel.org/stable/c/89bf942314b78d454db92427201421b5dec132d9"
	},
	{
	"url": "https://git.kernel.org/stable/c/ad365e9351ac2b450e7e79932ff6abf59342d91a"
	},
	{
	"url": "https://git.kernel.org/stable/c/b6e58b5466b2959f83034bead2e2e1395cca8aeb"
	}
	],
	"title": "dm btree remove: assign new_root only when removal succeeds",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2021-47343",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}