CVE-2021-47432: lib/generic-radix-tree.c: Don't overflow in peek()
First published: Tue May 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.1.64 | 6.1.64 |
| redhat/kernel | <6.5.13 | 6.5.13 |
| redhat/kernel | <6.6.3 | 6.6.3 |
| redhat/kernel | <6.7 | 6.7 |
| Linux Kernel | <6.1.64 | |
| Linux Kernel | >=6.2<6.5.13 | |
| Linux Kernel | >=6.6<6.6.3 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac
- https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c
- https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437
- https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0
- https://access.redhat.com/security/cve/CVE-2021-47432
- https://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T
- https://access.redhat.com/errata/RHSA-2024:7001
- https://access.redhat.com/errata/RHSA-2024:7000
- https://access.redhat.com/errata/RHSA-2024:9315
- https://access.redhat.com/errata/RHSA-2025:2270
- https://bugzilla.redhat.com/show_bug.cgi?id=2282366
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2021-47432?
CVE-2021-47432 has been classified with medium severity due to its potential to cause integer overflows.
How do I fix CVE-2021-47432?
To resolve CVE-2021-47432, upgrade the Linux kernel to version 6.1.64 or later.
Which versions are affected by CVE-2021-47432?
CVE-2021-47432 affects Linux kernel versions prior to 6.1.64, 6.5.13, 6.6.3, and 6.7.
What systems are impacted by CVE-2021-47432?
CVE-2021-47432 impacts various Linux distributions and any systems running affected versions of the kernel.
Is there a workaround for CVE-2021-47432?
There are no recommended workarounds for CVE-2021-47432; the best mitigation is to apply the updates.
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/author
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-47432
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.2
- version/linux kernel/6.6
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2