CVE - CVE-2021-47638

CVE-ID
CVE-2021-47638	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ubifs: rename_whiteout: Fix double free for whiteout_ui->data 'whiteout_ui->data' will be freed twice if space budget fail for rename whiteout operation as following process: rename_whiteout dev = kmalloc whiteout_ui->data = dev kfree(whiteout_ui->data) // Free first time iput(whiteout) ubifs_free_inode kfree(ui->data) // Double free! KASAN reports: ================================================================== BUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70 Call Trace: kfree+0x117/0x490 ubifs_free_inode+0x4f/0x70 [ubifs] i_callback+0x30/0x60 rcu_do_batch+0x366/0xac0 __do_softirq+0x133/0x57f Allocated by task 1506: kmem_cache_alloc_trace+0x3c2/0x7a0 do_rename+0x9b7/0x1150 [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 Freed by task 1506: kfree+0x117/0x490 do_rename.cold+0x53/0x8a [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 The buggy address belongs to the object at ffff88810238bed8 which belongs to the cache kmalloc-8 of size 8 ================================================================== Let ubifs_free_inode() free 'whiteout_ui->data'. BTW, delete unused assignment 'whiteout_ui->data_len = 0', process 'ubifs_evict_inode() -> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it (because 'inc_nlink(whiteout)' won't be excuted by 'goto out_release', and the nlink of whiteout inode is 0).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc URL:https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc MISC:https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742 URL:https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742 MISC:https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa URL:https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa MISC:https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e URL:https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e MISC:https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd URL:https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd MISC:https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274 URL:https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274 MISC:https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8 URL:https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8 MISC:https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f URL:https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)