vulnerability

Red Hat: CVE-2021-47646: kernel: Revert "Revert "block, bfq: honor already-setup queue merges""

Name: Red Hat: CVE-2021-47646: kernel: Revert "Revert "block, bfq: honor already-setup queue merges""
Creator: Red Hat
Published: 2025-02-26T00:00:00.000Z
Keywords: CVE, Red Hat, 2021, 47646, kernel, no-fix-redhat-rpm-package, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Feb 26, 2025

Added

Jul 9, 2025

Modified

Jul 10, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "Revert "block, bfq: honor already-setup queue merges""

A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").

So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2021-47646

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report