CVE-2021-47114
ocfs2: fix data corruption by fallocate
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix data corruption by fallocate
When fallocate punches holes out of inode size, if original isize is in
the middle of last cluster, then the part from isize to the end of the
cluster will be zeroed with buffer write, at that time isize is not yet
updated to match the new size, if writeback is kicked in, it will invoke
ocfs2_writepage()->block_write_full_page() where the pages out of inode
size will be dropped. That will cause file corruption. Fix this by
zeroing out eof blocks when extending the inode size.
Running the following command with qemu-image 4.2.1 can get a corrupted
converted image file easily.
    qemu-img convert -p -t none -T none -f qcow2 $qcow_image \
        -O qcow2 -o compat=1.1 $qcow_image.conv
The usage of fallocate in qemu is like this: it first punches holes out
of inode size, then extends the inode size.
fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0
fallocate(11, 0, 2276196352, 65536) = 0
v1: https://www.spinics.net/lists/linux-fsdevel/msg193999.html
v2: https://lore.kernel.org/linux-fsdevel/20210525093034.GB4112@quack2.suse.cz/T/
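The two-call sequence from the trace above, wrapped in a data-integrity check (an added example, not code from the kernel patch or from qemu): it writes a pattern up to a mid-cluster size, punches a hole beyond i_size, extends the file, and verifies after fsync that the old data survives and the new range reads as zeros. The function name, the sizes and the 64 KiB cluster size are assumptions, and a pass does not prove a kernel is fixed, because the corruption depends on writeback timing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/falloc.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Declared explicitly in case _GNU_SOURCE is defined after a libc header. */
extern int fallocate(int fd, int mode, off_t offset, off_t len);

/* Hypothetical helper. Returns 0 = contents as expected, 1 = mismatch,
 * 2 = fallocate mode unsupported on this filesystem, -1 = other I/O error.
 * old_size is the initial i_size; [off, off+len) is punched, then allocated. */
int check_punch_then_extend(const char *path, off_t old_size, off_t off, off_t len)
{
    off_t new_size = off + len, i;
    unsigned char *buf = malloc((size_t)new_size);
    int rc = -1, fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);

    if (fd < 0 || !buf) goto out;
    memset(buf, 0xA5, (size_t)old_size);          /* constructed test pattern */
    if (pwrite(fd, buf, (size_t)old_size, 0) != old_size) goto out;
    /* Step 1: punch beyond i_size, size unchanged. Step 2: extend i_size. */
    if (fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, off, len) < 0 ||
        fallocate(fd, 0, off, len) < 0) {
        rc = (errno == EOPNOTSUPP || errno == ENOSYS) ? 2 : -1;
        goto out;
    }
    /* Force writeback, then drop cached pages so the read comes from disk. */
    if (fsync(fd) < 0) goto out;
    posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
    if (pread(fd, buf, (size_t)new_size, 0) != new_size) goto out;
    rc = 0;                       /* old data must survive, the rest reads 0 */
    for (i = 0; i < new_size; i++)
        if (buf[i] != (i < old_size ? 0xA5 : 0x00)) { rc = 1; break; }
out:
    free(buf);
    if (fd >= 0) { close(fd); unlink(path); }
    return rc;
}

int main(int argc, char **argv)
{
    /* 100000 lies mid-cluster for an assumed 64 KiB cluster size. */
    int rc = check_punch_then_extend(argc > 1 ? argv[1] : "fallocate-check.tmp",
                                     100000, 131072, 65536);
    return rc < 0 ? 3 : rc;
}
```

Pass a path on the filesystem under test as the first argument; the scratch file is removed afterwards.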
SSVC
- Decision: Track
Timeline
- 2024-03-04 CVE Reserved
- 2024-03-15 CVE Published
- 2024-03-16 EPSS Updated
- 2024-12-19 CVE Updated
References (8)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 4.4.272 | en | Affected |
Linux | Linux Kernel | < 4.9.272 | en | Affected |
Linux | Linux Kernel | < 4.14.236 | en | Affected |
Linux | Linux Kernel | < 4.19.194 | en | Affected |
Linux | Linux Kernel | < 5.4.125 | en | Affected |
Linux | Linux Kernel | < 5.10.43 | en | Affected |
Linux | Linux Kernel | < 5.12.10 | en | Affected |
Linux | Linux Kernel | < 5.13 | en | Affected |