CVE-2021-47646
Linux Kernel Uninitialized Pointer Dereference in BFQ Block Driver
Description
In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fixed by commit d29bd41428cf ("block, bfq: reset last_bfqq_created on group change"). So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges") out. This commit restores it. [1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
INFO
Published Date: Feb. 26, 2025, 6:37 a.m.
Last Modified: March 24, 2025, 5:46 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 5.9
Exploitability Score: 1.8
The following table lists the changes that have been made to the CVE-2021-47646 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Initial Analysis by [email protected]
Mar. 24, 2025
Action: Added; Type: CPE Configuration; Old Value: (empty); New Value: OR
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.238
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.189
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.33
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17 up to (excluding) 5.17.2
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.110
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.16.19
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/15729ff8143f8135b03988a100a19e66d7cb7ecd Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/4083925bd6dc89216d156474a8076feec904e607 Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/65d8a737452e88f251fe5d925371de6d606df613 Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/931aff627469a75c77b9fd3823146d0575afffd6 Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/abc2129e646af7b43025d90a071f83043f1ae76c Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/cc051f497eac9d8a0d816cd4bffa3415f2724871 Types: Patch
Action: Added; Type: Reference Type; Old Value: (empty); New Value: kernel.org: https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39 Types: Patch
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 27, 2025
Action: Added; Type: CVSS V3.1; Old Value: (empty); New Value: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Action: Added; Type: CWE; Old Value: (empty); New Value: CWE-416
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 26, 2025
Action: Added; Type: Description; Old Value: (empty); New Value: In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fixed by commit d29bd41428cf ("block, bfq: reset last_bfqq_created on group change"). So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges") out. This commit restores it. [1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/15729ff8143f8135b03988a100a19e66d7cb7ecd
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/4083925bd6dc89216d156474a8076feec904e607
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/65d8a737452e88f251fe5d925371de6d606df613
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/931aff627469a75c77b9fd3823146d0575afffd6
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/abc2129e646af7b43025d90a071f83043f1ae76c
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/cc051f497eac9d8a0d816cd4bffa3415f2724871
Action: Added; Type: Reference; Old Value: (empty); New Value: https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47646 is associated with the following CWEs:
CWE-416