vulnerability
Ubuntu: (CVE-2021-47351): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 21, 2024 | Nov 19, 2024 | Sep 1, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
May 21, 2024
Added
Nov 19, 2024
Modified
Sep 1, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix races between xattr_{set|get} and listxattr operations
UBIFS may occur some problems with concurrent xattr_{set|get} and
listxattr operations, such as assertion failure, memory corruption,
stale xattr value[1].
Fix it by importing a new rw-lock in @ubifs_inode to serilize write
operations on xattr, concurrent read operations are still effective,
just like ext4.
[1] https://lore.kernel.org/linux-mtd/[email protected]
Solutions
ubuntu-upgrade-linuxubuntu-upgrade-linux-awsubuntu-upgrade-linux-aws-5-4ubuntu-upgrade-linux-aws-fipsubuntu-upgrade-linux-azureubuntu-upgrade-linux-azure-5-4ubuntu-upgrade-linux-azure-fipsubuntu-upgrade-linux-bluefieldubuntu-upgrade-linux-fipsubuntu-upgrade-linux-gcpubuntu-upgrade-linux-gcp-5-4ubuntu-upgrade-linux-gcp-fipsubuntu-upgrade-linux-gkeopubuntu-upgrade-linux-hwe-5-4ubuntu-upgrade-linux-kvmubuntu-upgrade-linux-oracleubuntu-upgrade-linux-oracle-5-4ubuntu-upgrade-linux-raspiubuntu-upgrade-linux-raspi-5-4
References
- CVE-2021-47351
- https://attackerkb.com/topics/CVE-2021-47351
- CWE-617
- CWE-787
- URL-https://git.kernel.org/linus/f4e3634a3b642225a530c292fdb1e8a4007507f5
- URL-https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6
- URL-https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08
- URL-https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82
- URL-https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386
- URL-https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5
- URL-https://www.cve.org/CVERecord?id=CVE-2021-47351
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.