CVE-2021-28964

Description

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

References

Link	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5	mailing list vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/	vendor advisory
https://security.netapp.com/advisory/ntap-20210430-0003/	third party advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	third party advisory mailing list
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2021-28964?: CVE-2021-28964 has been scored as a medium severity vulnerability.
How to fix CVE-2021-28964?: To fix CVE-2021-28964, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-28964 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-28964 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

References

Frequently Asked Questions