CVE-2021-4149
First published: Mon Oct 18 2021(Updated: )
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.15 | 5.15 |
| Linux Kernel | <5.15 | |
| Linux Kernel | =5.15 | |
| Linux Kernel | =5.15-rc1 | |
| Linux Kernel | =5.15-rc2 | |
| Linux Kernel | =5.15-rc3 | |
| Linux Kernel | =5.15-rc4 | |
| Linux Kernel | =5.15-rc5 | |
| Debian Linux | =9.0 | |
| debian/linux | <=5.10.223-1<=5.10.234-1 | 6.1.129-1 6.1.135-1 6.12.22-1 6.12.25-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-4149 https://nvd.nist.gov/vuln/detail/CVE-2021-4149 https://lkml.org/lkml/2021/10/18/885 https://lkml.org/lkml/2021/9/13/2565
- https://bugzilla.redhat.com/show_bug.cgi?id=2026485
- https://access.redhat.com/security/cve/cve-2021-4149
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lkml.org/lkml/2021/10/18/885
- https://lkml.org/lkml/2021/9/13/2565
- https://launchpad.net/bugs/cve/CVE-2021-4149
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4149
- https://nvd.nist.gov/vuln/detail/CVE-2021-4149
- https://security-tracker.debian.org/tracker/CVE-2021-4149
- https://ubuntu.com/security/CVE-2021-4149
- https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211
Frequently Asked Questions
What is the severity of CVE-2021-4149?
CVE-2021-4149 is classified as a denial of service vulnerability due to a potential deadlock problem in the Linux kernel.
How do I fix CVE-2021-4149?
To remediate CVE-2021-4149, upgrade the Linux kernel to version 5.15 or later.
Which Linux kernel versions are affected by CVE-2021-4149?
CVE-2021-4149 affects Linux kernel versions prior to 5.15.
Can CVE-2021-4149 be exploited remotely?
CVE-2021-4149 requires local privileges to exploit, meaning it cannot be done remotely by an external attacker.
What kind of systems are vulnerable to CVE-2021-4149?
Systems running an affected version of the Linux kernel prior to 5.15 are vulnerable to CVE-2021-4149.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-4149
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.15
- version/linux kernel/5.15-rc1
- version/linux kernel/5.15-rc2
- version/linux kernel/5.15-rc3
- version/linux kernel/5.15-rc4
- version/linux kernel/5.15-rc5
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- package-manager/debian