Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-47366— afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

EPSS 0.01% · P3
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-47366

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value. This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values. Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values. This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that. Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values. This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing "git status" on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index This can be observed in the server's FileLog with something like the following appearing: Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001 Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866 ... Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5 Note the file position of 18446744071815340032. This is the requested file position sign-extended.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于从 OpenAFS 服务器读取 fpos 2G-4G 时会导致损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux b9b1f8d5930a813879278d0cbfc8c658d6a038dc ~ e66fc460d6dcf85cf12288e133a081205aebcd97 -
LinuxLinux 2.6.22 -

II. Public POCs for CVE-2021-47366

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-47366

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-21 · 361 CVEs total

CVE-2021-47432lib/generic-radix-tree.c: Don't overflow in peek()
CVE-2023-52760gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
CVE-2023-52757smb: client: fix potential deadlock when releasing mids
CVE-2023-52755ksmbd: fix slab out of bounds write in smb_inherit_dacl()
CVE-2023-52754media: imon: fix access to invalid resource for the second interface
CVE-2023-52753drm/amd/display: Avoid NULL dereference of timing generator
CVE-2023-52752smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
CVE-2023-52751smb: client: fix use-after-free in smb2_query_info_compound()
CVE-2023-52750arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
CVE-2023-52749spi: Fix null dereference on suspend
CVE-2023-52748f2fs: avoid format-overflow warning
CVE-2022-48710drm/radeon: fix a possible null pointer dereference
CVE-2023-52742net: USB: Fix wrong-direction WARNING in plusb.c
CVE-2023-52738drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
CVE-2023-52740powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
CVE-2023-52739Fix page corruption caused by racy check in __free_pages
CVE-2023-52741cifs: Fix use-after-free in rdata->read_into_pages()
CVE-2023-52743ice: Do not use WQ_MEM_RECLAIM flag for workqueue
CVE-2023-52746xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
CVE-2023-52747IB/hfi1: Restore allocated resources on failed copyout

Showing top 20 of 361 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2021-47366

No comments yet

Leave a comment