CVE-2021-47072

一、漏洞信息
 漏洞编号：[CVE-2021-47072](https://nvd.nist.gov/vuln/detail/CVE-2021-47072)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
 CVSS V2.0分值：
  BaseScore：0.0 Low
  Vector：CVSS：2.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:btrfs: fix removed dentries still existing after log is syncedWhen we move one inode from one directory to another and both the inodeand its previous parent directory were logged before, we are not supposedto have the dentry for the old parent if we have a power failure after thelog is synced. Only the new dentry is supposed to exist.Generally this works correctly, however there is a scenario where this isnot currently working, because the old parent of the file/directory thatwas moved is not authoritative for a range that includes the dir index anddir item keys of the old dentry. This case is better explained with thefollowing example and reproducer:  # The test requires a very specific layout of keys and items in the  # fs/subvolume btree to trigger the bug. So we want to make sure that  # on whatever platform we are, we have the same leaf/node size.  #  # Currently in btrfs the node/leaf size can not be smaller than the page  # size (but it can be greater than the page size). So use the largest  # supported node/leaf size (64K).  $ mkfs.btrfs -f -n 65536 /dev/sdc  $ mount /dev/sdc /mnt  #  testdir  is inode 257.  $ mkdir /mnt/testdir  $ chmod 755 /mnt/testdir  # Create several empty files to have the directory  testdir  with its  # items spread over several leaves (7 in this case).  $ for ((i = 1; i <= 1200; i++)); do       echo -n > /mnt/testdir/file$i    done  # Create our test directory  dira , inode number 1458, which gets all  # its items in leaf 7.  #  # The BTRFS_DIR_ITEM_KEY item for inode 257 ( testdir ) that points to  # the entry named  dira  is in leaf 2, while the BTRFS_DIR_INDEX_KEY  # item that points to that entry is in leaf 3.  #  # For this particular filesystem node size (64K), file count and file  # names, we endup with the directory entry items from inode 257 in  # leaves 2 and 3, as previously mentioned - what matters for triggering  # the bug exercised by this test case is that those items are not placed  # in leaf 1, they must be placed in a leaf different from the one  # containing the inode item for inode 257.  #  # The corresponding BTRFS_DIR_ITEM_KEY and BTRFS_DIR_INDEX_KEY items for  # the parent inode (257) are the following:  #  #    item 460 key (257 DIR_ITEM 3724298081) itemoff 48344 itemsize 34  #         location key (1458 INODE_ITEM 0) type DIR  #         transid 6 data_len 0 name_len 4  #         name: dira  #  # and:  #  #    item 771 key (257 DIR_INDEX 1202) itemoff 36673 itemsize 34  #         location key (1458 INODE_ITEM 0) type DIR  #         transid 6 data_len 0 name_len 4  #         name: dira  $ mkdir /mnt/testdir/dira  # Make sure everything done so far is durably persisted.  $ sync  # Now do a change to inode 257 ( testdir ) that does not result in  # COWing leaves 2 and 3 - the leaves that contain the directory items  # pointing to inode 1458 (directory  dira ).  #  # Changing permissions, the owner/group, updating or adding a xattr,  # etc, will not change (COW) leaves 2 and 3. So for the sake of  # simplicity change the permissions of inode 257, which results in  # updating its inode item and therefore change (COW) only leaf 1.  $ chmod 700 /mnt/testdir  # Now fsync directory inode 257.  #  # Since only the first leaf was changed/COWed, we log the inode item of  # inode 257 and only the dentries found in the first leaf, all have a  # key type of BTRFS_DIR_ITEM_KEY, and no keys of type  # BTRFS_DIR_INDEX_KEY, because they sort after the former type and none  # exist in the first leaf.  #  # We also log 3 items that represent ranges for dir items and dir  # indexes for which the log is authoritative:  #  # 1) a key of type BTRFS_DIR_LOG_ITEM_KEY, which indicates the log is  #    authoritative for all BTRFS_DIR_ITEM_KEY keys that have an offset  #    in the range [0, 2285968570] (the offset here is th---truncated---
 漏洞公开时间：2024-03-02 06:15:47
 漏洞创建时间：2024-03-02 08:37:21
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-47072
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6d0924c5b742036b4f20a0ffdf2b6cf3f963f5f6 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47072 | https://bugzilla.suse.com/show_bug.cgi?id=1220847 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2021-47072 | https://bugzilla.suse.com/show_bug.cgi?id=1220847 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2267370 | https://bugzilla.suse.com/show_bug.cgi?id=1220847 |
| suse_bugzilla | https://lore.kernel.org/linux-cve-announce/2024030141-CVE-2021-47072-52d4@gregkh/ | https://bugzilla.suse.com/show_bug.cgi?id=1220847 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54a40fc3a1da | https://bugzilla.suse.com/show_bug.cgi?id=1220847 |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024030141-CVE-2021-47072-52d4@gregkh/T/#u | https://bugzilla.redhat.com/show_bug.cgi?id=2267370 |
| ubuntu | https://git.kernel.org/linus/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 (5.13-rc3) | https://ubuntu.com/security/CVE-2021-47072 |
| ubuntu | https://www.cve.org/CVERecord?id=CVE-2021-47072 | https://ubuntu.com/security/CVE-2021-47072 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2021-47072 | https://ubuntu.com/security/CVE-2021-47072 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2021-47072 | https://ubuntu.com/security/CVE-2021-47072 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2021-47072 | https://ubuntu.com/security/CVE-2021-47072 |
| cve_search |  | https://git.kernel.org/stable/c/6d0924c5b742036b4f20a0ffdf2b6cf3f963f5f6 |
| cve_search |  | https://git.kernel.org/stable/c/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47072 | https://ubuntu.com/security/CVE-2021-47072 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54a40fc3a1da |  | suse_bugzilla |
| linux |  | https://git.kernel.org/linus/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 | https://git.kernel.org/linus/64d6b281ba4db044c946158387c74e1149b9487e | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  Reserved.
 openEuler评分：
  4.0
 Vector：CVSS：3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(4.19.90):不受影响
2.openEuler-20.03-LTS-SP4(4.19.90):不受影响
3.openEuler-22.03-LTS(5.10.0):不受影响
4.openEuler-22.03-LTS-SP1(5.10.0):不受影响
5.openEuler-22.03-LTS-SP2(5.10.0):不受影响
6.openEuler-22.03-LTS-SP3(5.10.0):不受影响
7.master(6.1.0):不受影响
8.openEuler-22.03-LTS-Next(5.10.0):不受影响
9.openEuler-24.03-LTS:不受影响
10.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS(5.10.0):否
4.openEuler-22.03-LTS-SP1(5.10.0):否
5.openEuler-22.03-LTS-SP2(5.10.0):否
6.openEuler-22.03-LTS-SP3(5.10.0):否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next(5.10.0):否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否

src-openEuler/kernel

内容风险标识

评论 (10)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2021-47072

评论 (10)

搜索帮助

src-openEuler/kernel