CVE-2021-47579

ovl: fix warning in ovl_create_real()

Description

In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such a warning, call ovl_mkdir_real() directly from ovl_workdir_create() and reject this case early.

N/A
CVSS
Severity:
EPSS 0.09%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8
https://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0
https://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7
https://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02
https://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c

Frequently Asked Questions

What is the severity of CVE-2021-47579?
CVE-2021-47579 has not yet been assigned a CVSS score.
How to fix CVE-2021-47579?
To fix CVE-2021-47579, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47579 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47579 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47579?
CVE-2021-47579 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.