CVE-2021-45469

First published: Thu Dec 23 2021(Updated: )

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Linux kernel	<=5.15.11
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
Netapp H410c Firmware
Netapp H410c
Apple macOS Ventura
Apple macOS Big Sur
Apple macOS Big Sur
Apple macOS Ventura
Apple macOS Big Sur
Apple macOS Monterey
Netapp H300e Firmware
Netapp H300e
Netapp H500e Firmware
Netapp H500e
Netapp H700e Firmware
Netapp H700e
Apple macOS Monterey
Apple macOS Monterey
ubuntu/linux	<4.15.0-169.177	4.15.0-169.177
ubuntu/linux	<5.4.0-105.119	5.4.0-105.119
ubuntu/linux	<5.13.0-37.42	5.13.0-37.42
ubuntu/linux	<4.4.0-222.255	4.4.0-222.255
ubuntu/linux	<5.17~	5.17~
ubuntu/linux-aws	<4.15.0-1121.129	4.15.0-1121.129
ubuntu/linux-aws	<5.4.0-1069.73	5.4.0-1069.73
ubuntu/linux-aws	<5.13.0-1019.21	5.13.0-1019.21
ubuntu/linux-aws	<5.17~	5.17~
ubuntu/linux-aws	<4.4.0-1102.107	4.4.0-1102.107
ubuntu/linux-aws	<4.4.0-1138.152	4.4.0-1138.152
ubuntu/linux-aws-5.0	<5.17~	5.17~
ubuntu/linux-aws-5.11	<5.17~	5.17~
ubuntu/linux-aws-5.13	<5.13.0-1019.21~20.04.1	5.13.0-1019.21~20.04.1
ubuntu/linux-aws-5.13	<5.17~	5.17~
ubuntu/linux-aws-5.3	<5.17~	5.17~
ubuntu/linux-aws-5.4	<5.4.0-1069.73~18.04.1	5.4.0-1069.73~18.04.1
ubuntu/linux-aws-5.4	<5.17~	5.17~
ubuntu/linux-aws-5.8	<5.17~	5.17~
ubuntu/linux-aws-hwe	<4.15.0-1120.128~16.04.1	4.15.0-1120.128~16.04.1
ubuntu/linux-aws-hwe	<5.17~	5.17~
ubuntu/linux-azure	<5.4.0-1073.76	5.4.0-1073.76
ubuntu/linux-azure	<5.13.0-1021.24	5.13.0-1021.24
ubuntu/linux-azure	<4.15.0-1131.144~14.04.1	4.15.0-1131.144~14.04.1
ubuntu/linux-azure	<4.15.0-1131.144~16.04.1	4.15.0-1131.144~16.04.1
ubuntu/linux-azure	<5.17~	5.17~
ubuntu/linux-azure-4.15	<5.17~	5.17~
ubuntu/linux-azure-4.15	<4.15.0-1131.144	4.15.0-1131.144
ubuntu/linux-azure-5.11	<5.17~	5.17~
ubuntu/linux-azure-5.13	<5.13.0-1021.24~20.04.1	5.13.0-1021.24~20.04.1
ubuntu/linux-azure-5.13	<5.17~	5.17~
ubuntu/linux-azure-5.3	<5.17~	5.17~
ubuntu/linux-azure-5.4	<5.4.0-1073.76~18.04.1	5.4.0-1073.76~18.04.1
ubuntu/linux-azure-5.4	<5.17~	5.17~
ubuntu/linux-azure-edge	<5.17~	5.17~
ubuntu/linux-azure-fde	<5.17~	5.17~
ubuntu/linux-azure-fde	<5.4.0-1073.76	5.4.0-1073.76
ubuntu/linux-bluefield	<5.4.0-1032.35	5.4.0-1032.35
ubuntu/linux-bluefield	<5.17~	5.17~
ubuntu/linux-dell300x	<4.15.0-1035.40	4.15.0-1035.40
ubuntu/linux-dell300x	<5.17~	5.17~
ubuntu/linux-fips	<5.17~	5.17~
ubuntu/linux-gcp	<5.4.0-1068.72	5.4.0-1068.72
ubuntu/linux-gcp	<5.13.0-1021.25	5.13.0-1021.25
ubuntu/linux-gcp	<4.15.0-1116.130~16.04.1	4.15.0-1116.130~16.04.1
ubuntu/linux-gcp	<5.17~	5.17~
ubuntu/linux-gcp-4.15	<4.15.0-1116.130	4.15.0-1116.130
ubuntu/linux-gcp-4.15	<5.17~	5.17~
ubuntu/linux-gcp-5.11	<5.17~	5.17~
ubuntu/linux-gcp-5.13	<5.13.0-1021.25~20.04.1	5.13.0-1021.25~20.04.1
ubuntu/linux-gcp-5.13	<5.17~	5.17~
ubuntu/linux-gcp-5.3	<5.17~	5.17~
ubuntu/linux-gcp-5.4	<5.4.0-1068.72~18.04.1	5.4.0-1068.72~18.04.1
ubuntu/linux-gcp-5.8	<5.17~	5.17~
ubuntu/linux-gke	<5.4.0-1066.69	5.4.0-1066.69
ubuntu/linux-gke	<5.17~	5.17~
ubuntu/linux-gke-4.15	<5.17~	5.17~
ubuntu/linux-gke-5.0	<5.17~	5.17~
ubuntu/linux-gke-5.3	<5.17~	5.17~
ubuntu/linux-gke-5.4	<5.4.0-1066.69~18.04.1	5.4.0-1066.69~18.04.1
ubuntu/linux-gke-5.4	<5.17~	5.17~
ubuntu/linux-gkeop	<5.4.0-1037.38	5.4.0-1037.38
ubuntu/linux-gkeop	<5.17~	5.17~
ubuntu/linux-gkeop-5.4	<5.17~	5.17~
ubuntu/linux-gkeop-5.4	<5.4.0-1037.38~18.04.1	5.4.0-1037.38~18.04.1
ubuntu/linux-hwe	<5.17~	5.17~
ubuntu/linux-hwe	<4.15.0-169.177~16.04.1	4.15.0-169.177~16.04.1
ubuntu/linux-hwe-5.11	<5.17~	5.17~
ubuntu/linux-hwe-5.13	<5.13.0-37.42~20.04.1	5.13.0-37.42~20.04.1
ubuntu/linux-hwe-5.13	<5.17~	5.17~
ubuntu/linux-hwe-5.4	<5.17~	5.17~
ubuntu/linux-hwe-5.4	<5.4.0-105.119~18.04.1	5.4.0-105.119~18.04.1
ubuntu/linux-hwe-5.8	<5.17~	5.17~
ubuntu/linux-hwe-edge	<5.17~	5.17~
ubuntu/linux-ibm	<5.17~	5.17~
ubuntu/linux-ibm	<5.4.0-1018.20	5.4.0-1018.20
ubuntu/linux-ibm-5.4	<5.4.0-1018.20~18.04.1	5.4.0-1018.20~18.04.1
ubuntu/linux-ibm-5.4	<5.17~	5.17~
ubuntu/linux-intel-5.13	<5.17~	5.17~
ubuntu/linux-kvm	<5.17~	5.17~
ubuntu/linux-kvm	<4.15.0-1107.109	4.15.0-1107.109
ubuntu/linux-kvm	<5.4.0-1059.62	5.4.0-1059.62
ubuntu/linux-kvm	<5.13.0-1018.19	5.13.0-1018.19
ubuntu/linux-kvm	<4.4.0-1103.112	4.4.0-1103.112
ubuntu/linux-lowlatency	<5.17~	5.17~
ubuntu/linux-lts-xenial	<5.17~	5.17~
ubuntu/linux-lts-xenial	<4.4.0-222.255~14.04.1	4.4.0-222.255~14.04.1
ubuntu/linux-oem	<5.17~	5.17~
ubuntu/linux-oem-5.10	<5.17~	5.17~
ubuntu/linux-oem-5.13	<5.17~	5.17~
ubuntu/linux-oem-5.14	<5.14.0-1022.24	5.14.0-1022.24
ubuntu/linux-oem-5.17	<5.17~	5.17~
ubuntu/linux-oem-5.6	<5.17~	5.17~
ubuntu/linux-oem-osp1	<5.17~	5.17~
ubuntu/linux-oracle	<5.17~	5.17~
ubuntu/linux-oracle	<4.15.0-1087.95	4.15.0-1087.95
ubuntu/linux-oracle	<5.4.0-1067.72	5.4.0-1067.72
ubuntu/linux-oracle	<5.13.0-1023.28	5.13.0-1023.28
ubuntu/linux-oracle	<4.15.0-1087.95~16.04.1	4.15.0-1087.95~16.04.1
ubuntu/linux-oracle-5.0	<5.17~	5.17~
ubuntu/linux-oracle-5.11	<5.17~	5.17~
ubuntu/linux-oracle-5.13	<5.13.0-1025.30~20.04.1	5.13.0-1025.30~20.04.1
ubuntu/linux-oracle-5.13	<5.17~	5.17~
ubuntu/linux-oracle-5.3	<5.17~	5.17~
ubuntu/linux-oracle-5.4	<5.4.0-1067.72~18.04.1	5.4.0-1067.72~18.04.1
ubuntu/linux-raspi	<5.4.0-1056.63	5.4.0-1056.63
ubuntu/linux-raspi	<5.13.0-1022.24	5.13.0-1022.24
ubuntu/linux-raspi	<5.17~	5.17~
ubuntu/linux-raspi-5.4	<5.4.0-1056.63~18.04.1	5.4.0-1056.63~18.04.1
ubuntu/linux-raspi-5.4	<5.17~	5.17~
ubuntu/linux-raspi2	<4.15.0-1103.110	4.15.0-1103.110
ubuntu/linux-raspi2	<5.17~	5.17~
ubuntu/linux-raspi2-5.3	<5.17~	5.17~
ubuntu/linux-riscv	<5.13.0-1017.19	5.13.0-1017.19
ubuntu/linux-riscv	<5.17~	5.17~
ubuntu/linux-riscv-5.11	<5.17~	5.17~
ubuntu/linux-riscv-5.8	<5.17~	5.17~
ubuntu/linux-snapdragon	<4.15.0-1120.129	4.15.0-1120.129
ubuntu/linux-snapdragon	<5.17~	5.17~
All of
Netapp H410c Firmware
Netapp H410c
All of
Apple macOS Ventura
Apple macOS Big Sur
All of
Apple macOS Big Sur
Apple macOS Ventura
All of
Apple macOS Big Sur
Apple macOS Monterey
All of
Netapp H300e Firmware
Netapp H300e
All of
Netapp H500e Firmware
Netapp H500e
All of
Netapp H700e Firmware
Netapp H700e
All of
Apple macOS Monterey
Apple macOS Monterey
debian/linux		4.19.249-2 4.19.304-1 5.10.197-1 5.10.205-2 6.1.66-1 6.1.69-1 6.6.13-1 6.6.15-2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/nvd-index
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.15.11
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
version/debian debian linux/11.0
vendor/netapp
canonical/netapp h410c firmware
canonical/netapp h410c
canonical/apple macos ventura
canonical/apple macos big sur
canonical/apple macos monterey
canonical/netapp h300e firmware
canonical/netapp h300e
canonical/netapp h500e firmware
canonical/netapp h500e
canonical/netapp h700e firmware
canonical/netapp h700e
package-manager/debian
package-manager/ubuntu

CVE-2021-45469

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact