CVE-2021-28964

low-risk
Published 2021-03-22

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
LOCAL / HIGH complexity

Affected Products (9)

Fas 500F Firmware

Affected Vendors

Debian Linux Fedoraproject Netapp

References (14)

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=db...
Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.netapp.com/advisory/ntap-20210430-0003/
Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=db...
Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.netapp.com/advisory/ntap-20210430-0003/
27
/ 100
low-risk
Severity 12/34 · Low
Exploitability 0/34 · Minimal
Exposure 15/34 · Moderate