What is CVE-2021-47066?

CVE-2021-47066 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47066 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47066?

CVE-2021-47066 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47066?

No patch is currently available for CVE-2021-47066. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47066 actively exploited?

CVE-2021-47066 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47066

Medium

In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. To support this, it needs to support calculating xor value with different offsets for each r5dev. One offset array is used to record those offsets. In RMW mode, parity page is used as a source page. It sets ASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5. So it needs to add src_list and src_offs at the same time. Now it only needs src_list. So the xor value which is calculated is wrong. It can cause data corruption problem. I can reproduce this problem 100% on a POWER8 machine. The steps are: mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G mkfs.xfs /dev/md0 mount /dev/md0 /mnt/test mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.

Package Linux Kernel

Published 2024-02-29

Last modified 2025-01-09

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2021-47066 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af
Patch
Kernel patch commit
https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18
Patch
Kernel patch commit
https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2021-47066

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-02-29

Modified 2025-01-09

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47066?

CVE-2021-47066 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47066 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47066?

CVE-2021-47066 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47066?

No patch is currently available for CVE-2021-47066. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47066 actively exploited?

No — CVE-2021-47066 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.