CVE-2021-47189
"ARM64 Linux Btrfs Barrier Vulnerability"
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don't guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is seen as non-null in async_cow_submit which causes submit_compressed_extents to be called and crash occurs because async_chunk::inode suddenly became NULL. The call trace was similar to: pc : submit_compressed_extents+0x38/0x3d0 lr : async_cow_submit+0x50/0xd0 sp : ffff800015d4bc20 <registers omitted for brevity> Call trace: submit_compressed_extents+0x38/0x3d0 async_cow_submit+0x50/0xd0 run_ordered_work+0xc8/0x280 btrfs_work_helper+0x98/0x250 process_one_work+0x1f0/0x4ac worker_thread+0x188/0x504 kthread+0x110/0x114 ret_from_fork+0x10/0x18 Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORK_DONE_BIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORK_DONE_BIT are going to be strictly ordered before any access that can occur in ordered_func.
INFO
Published Date :
April 10, 2024, 7:15 p.m.
Last Modified :
April 30, 2025, 4:34 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
Yes !
Impact Score :
3.4
Exploitability Score :
2.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2021-47189.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2021-47189 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2021-47189 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Apr. 30, 2025
Action Type Old Value New Value Added CWE NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.5 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.256 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.291 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.218 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.82 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.15 up to (excluding) 4.4.293 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.162 Added Reference Type CVE: https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513 Types: Patch -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9 Added Reference https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff Added Reference https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500 Added Reference https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179 Added Reference https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987 Added Reference https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136 Added Reference https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779 Added Reference https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 01, 2024
Action Type Old Value New Value Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 28, 2024
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 14, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 10, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don't guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is seen as non-null in async_cow_submit which causes submit_compressed_extents to be called and crash occurs because async_chunk::inode suddenly became NULL. The call trace was similar to: pc : submit_compressed_extents+0x38/0x3d0 lr : async_cow_submit+0x50/0xd0 sp : ffff800015d4bc20 <registers omitted for brevity> Call trace: submit_compressed_extents+0x38/0x3d0 async_cow_submit+0x50/0xd0 run_ordered_work+0xc8/0x280 btrfs_work_helper+0x98/0x250 process_one_work+0x1f0/0x4ac worker_thread+0x188/0x504 kthread+0x110/0x114 ret_from_fork+0x10/0x18 Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORK_DONE_BIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORK_DONE_BIT are going to be strictly ordered before any access that can occur in ordered_func. Added Reference kernel.org https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2021-47189 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2021-47189
weaknesses.