What is CVE-2021-47114?

CVE-2021-47114 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47114 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47114?

CVE-2021-47114 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47114?

No patch is currently available for CVE-2021-47114. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47114 actively exploited?

CVE-2021-47114 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47114

Medium

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that time isize is not yet updated to match the new size, if writeback is kicked in, it will invoke ocfs2_writepage()->block_write_full_page() where the pages out of inode size will be dropped. That will cause file corruption. Fix this by zero out eof blocks when extending the inode size. Running the following command with qemu-image 4.2.1 can get a corrupted coverted image file easily. qemu-img convert -p -t none -T none -f qcow2 $qcow_image \ -O qcow2 -o compat=1.1 $qcow_image.conv The usage of fallocate in qemu is like this, it first punches holes out of inode size, then extend the inode size. fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0 fallocate(11, 0, 2276196352, 65536) = 0 v1: https://www.spinics.net/lists/linux-fsdevel/msg193999.html v2: https://lore.kernel.org/linux-fsdevel/[email protected]/T/

Package Linux Kernel

Published 2024-03-15

Last modified 2025-04-04

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2021-47114 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0a31dd6fd2f4e7db538fb6eb1f06973d81f8dd3b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/33e03adafb29eedae1bae9cdb50c1385279fcf65
Patch
Kernel patch commit
https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2021-47114

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-03-15

Modified 2025-04-04

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47114?

CVE-2021-47114 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47114 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47114?

CVE-2021-47114 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47114?

No patch is currently available for CVE-2021-47114. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47114 actively exploited?

No — CVE-2021-47114 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.