CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2026485	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html	Mailing List Third Party Advisory
https://lkml.org/lkml/2021/10/18/885	Exploit Mailing List Patch Third Party Advisory
https://lkml.org/lkml/2021/9/13/2565	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15:-::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

01 Feb 2023, 15:53

Type	Values Removed	Values Added
First Time		Debian Debian debian Linux
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html - Mailing List, Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*

01 Jul 2022, 14:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html -

22 Jun 2022, 15:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:linux:linux_kernel:5.15:rc5:::::: cpe:2.3:a:linux:linux_kernel:5.15:-:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc3:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc4:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc2::::::	cpe:2.3:o:linux:linux_kernel:5.15:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.15:-:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc3::::::

30 Mar 2022, 14:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc5:::::: cpe:2.3:a:linux:linux_kernel:5.15:-:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc3:::::: cpe:2.3:a:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:a:linux:linux_kernel:5.15:rc4::::::
First Time		Linux linux Kernel Linux
CWE		CWE-667
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5
References	~~(MISC) https://lkml.org/lkml/2021/9/13/2565 -~~	(MISC) https://lkml.org/lkml/2021/9/13/2565 - Exploit, Mailing List, Third Party Advisory
References	~~(MISC) https://lkml.org/lkml/2021/10/18/885 -~~	(MISC) https://lkml.org/lkml/2021/10/18/885 - Exploit, Mailing List, Patch, Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2026485 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2026485 - Issue Tracking, Third Party Advisory

23 Mar 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-23 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-4149

Mitre link : CVE-2021-4149

CVE.ORG link : CVE-2021-4149

JSON object : View

Products Affected

linux

linux_kernel

debian

debian_linux

CWE

CWE-667

Improper Locking

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-4149

5.5^/10

2.1^/10

Attach tags to `CVE-2021-4149`