CVE-2021-28964 — Race Condition in Linux
Severity
4.7MEDIUMNVD
OSV7.8OSV6.5OSV5.3
EPSS
0.1%
top 75.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 22
Latest updateMay 24
Description
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 9.0, Fedora 32, 33, 34
🔴Vulnerability Details
6GHSA
▶
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-06-08
OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.↗2021-06-08
📋Vendor Advisories
6Red Hat▶
kernel: race condition in get_old_root function in fs/btrfs/ctree.c because of a lack of locking on an extent buffer before a cloning operation↗2021-03-16
Microsoft▶
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent↗2021-03-09
💬Community
1Bugzilla▶
CVE-2021-28964 kernel: race condition in get_old_root function in fs/btrfs/ctree.c because of a lack of locking on an extent buffer before a cloning operation↗2021-03-22