
CVE-2021-47365

afs: Fix page leak

Severity Score: - (CVSS)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track (SSVC)

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix page leak

There's a loop in afs_extend_writeback() that adds extra pages to a write
we want to make to improve the efficiency of the writeback by making it
larger. This loop stops, however, if we hit a page we can't write back
from immediately, but it doesn't get rid of the page ref we speculatively
acquired.

This was caused by the removal of the cleanup loop when the code switched
from using find_get_pages_contig() to xarray scanning as the latter only
gets a single page at a time, not a batch.

Fix this by putting the page on a ref on an early break from the loop.
Unfortunately, we can't just add that page to the pagevec we're employing
as we'll go through that and add those pages to the RPC call.

This was found by the generic/074 test. It leaks ~4GiB of RAM each time it
is run - which can be observed with "top".

*Credits: N/A
CVSS Scores
  • Attack Vector: -
  • Attack Complexity: -
  • Privileges Required: -
  • User Interaction: -
  • Scope: -
  • Confidentiality: -
  • Integrity: -
  • Availability: -
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-21 CVE Reserved
  • 2024-05-21 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Linux | Linux Kernel | >= 5.13 < 5.14.9 | en | Affected
Linux | Linux Kernel | >= 5.13 < 5.15 | en | Affected