Published: 18/03/2022 Updated: 04/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In the Linux kernel prior to 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
netapp h300s_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
netapp h410c_firmware -
netapp h500s_firmware -

In the Linux kernel before 5153, fs/quota/quota_treec does not validate the block number in the quota tree (on disk) This can, for example, lead to a kernel/locking/rwsemc use-after-free if there is a corrupted quota file ...

CWE-416 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.3 https://www.openwall.com/lists/oss-security/2022/03/17/2 https://www.openwall.com/lists/oss-security/2022/03/17/1 https://bugzilla.kernel.org/show_bug.cgi?id=214655 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bf3d20331295b1ecb81f4ed9ef358c51699a050 https://security.netapp.com/advisory/ntap-20220419-0003/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-45868

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-45868

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect