Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fixed by commit d29bd41428cf ("block, bfq: reset last_bfqq_created on group change"). So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges") out. This commit restores it. [1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.19.238 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/15729ff8143f8135b03988a100a19e66d7cb7ecdPatch
- https://git.kernel.org/stable/c/4083925bd6dc89216d156474a8076feec904e607Patch
- https://git.kernel.org/stable/c/65d8a737452e88f251fe5d925371de6d606df613Patch
- https://git.kernel.org/stable/c/931aff627469a75c77b9fd3823146d0575afffd6Patch
- https://git.kernel.org/stable/c/abc2129e646af7b43025d90a071f83043f1ae76cPatch
- https://git.kernel.org/stable/c/cc051f497eac9d8a0d816cd4bffa3415f2724871Patch
- https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39Patch
FAQ
What is CVE-2021-47646?
CVE-2021-47646 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d5...
How severe is CVE-2021-47646?
CVE-2021-47646 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47646?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.