CVE-2021-46987

Public on

Last Modified: UTC

Description

A vulnerability was found in the Linux kernel's btrfs module. In a few exceptional cases, cloning an inline extent requires copying the inline extent data into a page of the destination inode. When this happens, a transaction is started while a page of the destination inode is dirty and while the range is locked in the destination inode's iotree. Reserving metadata space for a transaction may require flushing existing delalloc if there is not enough free space. A mechanism to prevent a deadlock in that case was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when cloning inline extent and low on free metadata space").

However, when qgroups are in use, a transaction also reserves metadata qgroup space, which can likewise trigger a delalloc flush if there is not enough available space. When this happens, a deadlock occurs: flushing delalloc requires locking the file range in the inode's iotree, and that range was already locked at the very beginning of the clone operation, before the attempt to start the transaction.

Statement

Red Hat Enterprise Linux 8 and 9 are not affected by this CVE, as they do not include Btrfs filesystem support (CONFIG_BTRFS_FS is not set).
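
The not-affected reasoning above can be checked on any Linux host. The script below is an added example, not Red Hat code: it reads CONFIG_BTRFS_FS from a kernel config file and counts btrfs mounts. The function names and the file locations in the usage comment (/boot/config-$(uname -r), /proc/mounts) are assumptions about the host.

```shell
#!/bin/sh
# Added example (not Red Hat code): triage a host for the CVE-2021-46987 preconditions.

# Report how CONFIG_BTRFS_FS is set in a kernel config file (plain or .gz):
# builtin (=y), module (=m), not_set (commented out or absent), unknown (unreadable).
btrfs_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Anchored match, so CONFIG_BTRFS_FS_POSIX_ACL and similar keys are ignored.
    val=$($reader "$cfg" | sed -n 's/^CONFIG_BTRFS_FS=\([ym]\)$/\1/p' | head -n 1)
    case $val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo not_set ;;
    esac
}

# Count btrfs entries in a /proc/mounts-style file (field 3 is the filesystem type).
btrfs_mount_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '$3 == "btrfs" { n++ } END { print n + 0 }' "$1"
}

# Combine both checks into a one-line verdict.
assess() {
    state=$(btrfs_config_state "$1")
    mounts=$(btrfs_mount_count "$2")
    if [ "$state" = unknown ]; then
        echo "unknown: cannot read kernel config $1"
    elif [ "$state" = not_set ]; then
        echo "not affected: CONFIG_BTRFS_FS is not set"
    elif [ "$mounts" -eq 0 ]; then
        echo "btrfs is $state but no btrfs filesystem is currently mounted"
    else
        echo "review: $mounts btrfs mount(s); check qgroup use and kernel fix status"
    fi
}

# Usage: sh check.sh /boot/config-$(uname -r) /proc/mounts
if [ $# -eq 2 ]; then
    assess "$1" "$2"
fi
```

A "review" verdict only means the preconditions named in the description may be present; whether the running kernel carries the fix has to be confirmed against the vendor's errata.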

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional information

  • Bugzilla 2266752: kernel: btrfs: fix deadlock when cloning inline extents and using qgroups
  • CWE-833: Deadlock
  • FAQ: Frequently asked questions about CVE-2021-46987

Common Vulnerability Scoring System (CVSS) Score Details

Important note

CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).

The CVSS metrics and score provided below are preliminary and subject to review.

CVSS v3 Score Breakdown

Metric                   Red Hat     NVD
CVSS v3 Base Score       5.5         5.5
Attack Vector            Local       Local
Attack Complexity        Low         Low
Privileges Required      Low         Low
User Interaction         None        None
Scope                    Unchanged   Unchanged
Confidentiality Impact   None        None
Integrity Impact         None        None
Availability Impact      High        High

CVSS v3 Vector

Red Hat: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
