UBUNTU-CVE-2021-47145

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0 RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000 RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001 R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800 R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065 FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0 Call Trace: replay_one_buffer+0x409/0x470 ? btree_read_extent_buffer_pages+0xd0/0x110 walk_up_log_tree+0x157/0x1e0 walk_log_tree+0xa6/0x1d0 btrfs_recover_log_trees+0x1da/0x360 ? replay_one_extent+0x7b0/0x7b0 open_ctree+0x1486/0x1720 btrfs_mount_root.cold+0x12/0xea ? __kmalloc_track_caller+0x12f/0x240 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 ? vfs_parse_fs_string+0x4d/0x90 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 path_mount+0x433/0xa10 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x3d/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicing here is not the appropriate response. The error path for this code handles errors properly, simply return the error.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-279.313 | < 4.15.0-151.157 | < 5.4.0-80.90

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  all | < 4.4.0-1153.159 | < 4.4.0-1191.206 | < 4.15.0-1109.116 | < 5.4.0-1054.57

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1054.57~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2051.53 | all | < 5.4.0-1069.73+fips2

• ubuntu•linux-aws-hwe

  < 4.15.0-1109.116~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1121.134~14.04.1 | < 4.15.0-1121.134~16.04.1 | all | < 5.4.0-1055.57

• ubuntu•linux-azure-4.15

  < 4.15.0-1121.134

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1055.57~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2033.37 | all | < 5.4.0-1073.76+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1016.19

• ubuntu•linux-fips

  < 4.4.0-1123.130 | all | < 4.15.0-1066.75 | < 5.4.0-1031.36

• ubuntu•linux-gcp

  < 4.15.0-1106.120~16.04.1 | all | < 5.4.0-1049.53

• ubuntu•linux-gcp-4.15

  < 4.15.0-1106.120

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1049.53~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2016.18 | all | < 5.4.0-1067.71~20.04.1

• ubuntu•linux-gke

  all

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1021.22

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-151.157~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.19

  all

Showing first 50 affected entries in server-rendered view.

References (12)

• https://ubuntu.com/security/CVE-2021-47145
• https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf
• https://git.kernel.org/stable/c/e934c4ee17b33bafb0444f2f9766cda7166d3c40
• https://git.kernel.org/stable/c/0eaf383c6a4a83c09f60fd07a1bea9f1a9181611
• https://git.kernel.org/stable/c/6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa
• https://git.kernel.org/stable/c/0ed102453aa1cd12fefde8f6b60b9519b0b1f003
• https://git.kernel.org/stable/c/7e13db503918820e6333811cdc6f151dcea5090a
• https://git.kernel.org/stable/c/b545442133580dcb2f2496133bf850824d41255c
• https://git.kernel.org/stable/c/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d
• https://www.cve.org/CVERecord?id=CVE-2021-47145
• https://ubuntu.com/security/notices/USN-8143-1
• https://ubuntu.com/security/notices/USN-8143-2