CVE-2021-47119: ext4: fix memory leak in ext4_fill_super
First published: Fri Mar 15 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked. If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksize() didn't fully free superblock page and buffer head, and being busy, they were not freed and instead leaked. This can easily be reproduced by calling an infinite loop of: systemctl start <ext4_on_lvm>.mount, and systemctl stop <ext4_on_lvm>.mount ... since systemd creates a cgroup for each slice which it mounts, and the bh leak get amplified by a dying memory cgroup that also never gets freed, and memory consumption is much more easily noticed.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.19<5.10.43 | |
| Linux Kernel | >=5.11<5.12.10 | |
| Linux Kernel | =5.13-rc1 | |
| Linux Kernel | =5.13-rc2 | |
| Linux Kernel | =5.13-rc3 | |
| Linux Kernel | =5.13-rc4 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/01d349a481f0591230300a9171330136f9159bcd
- https://git.kernel.org/stable/c/1385b23396d511d5233b8b921ac3058b3f86a5e1
- https://git.kernel.org/stable/c/afd09b617db3786b6ef3dc43e28fe728cfea84df
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47119
- https://nvd.nist.gov/vuln/detail/CVE-2021-47119
- https://launchpad.net/bugs/cve/CVE-2021-47119
- https://security-tracker.debian.org/tracker/CVE-2021-47119
- https://ubuntu.com/security/CVE-2021-47119
- https://git.kernel.org/linus/afd09b617db3786b6ef3dc43e28fe728cfea84df
Frequently Asked Questions
What is the severity of CVE-2021-47119?
CVE-2021-47119 has a medium severity rating due to the risk of memory leaks in the Linux kernel.
How do I fix CVE-2021-47119?
To fix CVE-2021-47119, upgrade your Linux kernel to a version that includes the patch for this vulnerability.
What versions of the Linux kernel are affected by CVE-2021-47119?
CVE-2021-47119 affects Linux kernel versions from 2.6.19 up to 5.10.43 and from 5.11 up to 5.12.10, as well as certain release candidates.
What is the nature of the vulnerability described in CVE-2021-47119?
CVE-2021-47119 involves a memory leak in the ext4 filesystem due to buffer head references not being released correctly.
Are there any recommended actions for users of the affected Linux kernel versions from CVE-2021-47119?
Users should promptly update their systems to the latest patched kernel to mitigate the risks associated with CVE-2021-47119.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.19
- version/linux kernel/5.11
- version/linux kernel/5.13-rc1
- version/linux kernel/5.13-rc2
- version/linux kernel/5.13-rc3
- version/linux kernel/5.13-rc4
- package-manager/debian