CVE-2021-47117: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110] ksys_read+0x74/0xf0 This patch's modification is according to Jan Kara's suggestion in: https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ "I see. Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has failed in the middle, I would probably go even further and make sure we fix the tree properly in case of ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not create overlapping extents)."
AI Analysis
Technical Summary
CVE-2021-47117 is a vulnerability identified in the Linux kernel's ext4 filesystem implementation, specifically within the ext4_es_cache_extent function. The issue arises due to improper handling of extent tree modifications when ext4_split_extent_at fails, particularly under conditions where IO faults are injected or when the filesystem encounters errors such as ENOSPC (no space left on device) or EDQUOT (disk quota exceeded). The bug manifests as a kernel BUG or Oops, leading to a kernel panic and potential system crash. The root cause is the fragile nature of fixing the extent tree after a failed split operation, which can leave the extent tree in an inconsistent state. The patch, influenced by expert recommendations, aims to properly fix the extent tree in user-triggerable error cases (ENOSPC and EDQUOT) while avoiding attempts to fix it in cases that likely indicate hardware problems or filesystem corruption, thereby preventing overlapping extents and maintaining filesystem integrity. This vulnerability affects multiple versions of the Linux kernel identified by specific commit hashes and was publicly disclosed in March 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability could lead to system instability or crashes on Linux servers and devices using the ext4 filesystem, which is widely deployed in enterprise environments, cloud infrastructures, and embedded systems. The kernel panic caused by this vulnerability can result in denial of service (DoS), disrupting critical services, data processing, or availability of applications. While the vulnerability does not directly indicate data corruption or unauthorized access, the potential for filesystem inconsistency could lead to data loss or require recovery procedures, impacting business continuity. Organizations relying on Linux-based infrastructure for web hosting, cloud services, or internal systems may experience operational disruptions. Given the prevalence of Linux in European data centers and government institutions, the impact could be significant if exploited or triggered inadvertently, especially in environments with heavy IO operations or where disk quotas are enforced.
Mitigation Recommendations
1. Apply the official Linux kernel patch that addresses CVE-2021-47117 as soon as it becomes available in your distribution's updates. 2. Monitor kernel updates from your Linux distribution vendors (e.g., Debian, Ubuntu, Red Hat, SUSE) and prioritize patching ext4-related fixes. 3. Implement rigorous testing of kernel updates in staging environments to detect any regressions or stability issues before production deployment. 4. Limit the possibility of triggering the vulnerability by monitoring and managing disk space usage and quotas proactively to avoid ENOSPC and EDQUOT conditions. 5. Employ filesystem integrity monitoring tools and regular backups to mitigate potential data loss from unexpected crashes. 6. For critical systems, consider using alternative filesystems with different codebases if immediate patching is not feasible, while weighing operational impacts. 7. Educate system administrators about the symptoms of this vulnerability (kernel BUGs related to ext4) to enable rapid detection and response.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2021-47117: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110] ksys_read+0x74/0xf0 This patch's modification is according to Jan Kara's suggestion in: https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ "I see. Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has failed in the middle, I would probably go even further and make sure we fix the tree properly in case of ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not create overlapping extents)."
AI-Powered Analysis
Technical Analysis
CVE-2021-47117 is a vulnerability identified in the Linux kernel's ext4 filesystem implementation, specifically within the ext4_es_cache_extent function. The issue arises due to improper handling of extent tree modifications when ext4_split_extent_at fails, particularly under conditions where IO faults are injected or when the filesystem encounters errors such as ENOSPC (no space left on device) or EDQUOT (disk quota exceeded). The bug manifests as a kernel BUG or Oops, leading to a kernel panic and potential system crash. The root cause is the fragile nature of fixing the extent tree after a failed split operation, which can leave the extent tree in an inconsistent state. The patch, influenced by expert recommendations, aims to properly fix the extent tree in user-triggerable error cases (ENOSPC and EDQUOT) while avoiding attempts to fix it in cases that likely indicate hardware problems or filesystem corruption, thereby preventing overlapping extents and maintaining filesystem integrity. This vulnerability affects multiple versions of the Linux kernel identified by specific commit hashes and was publicly disclosed in March 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability could lead to system instability or crashes on Linux servers and devices using the ext4 filesystem, which is widely deployed in enterprise environments, cloud infrastructures, and embedded systems. The kernel panic caused by this vulnerability can result in denial of service (DoS), disrupting critical services, data processing, or availability of applications. While the vulnerability does not directly indicate data corruption or unauthorized access, the potential for filesystem inconsistency could lead to data loss or require recovery procedures, impacting business continuity. Organizations relying on Linux-based infrastructure for web hosting, cloud services, or internal systems may experience operational disruptions. Given the prevalence of Linux in European data centers and government institutions, the impact could be significant if exploited or triggered inadvertently, especially in environments with heavy IO operations or where disk quotas are enforced.
Mitigation Recommendations
1. Apply the official Linux kernel patch that addresses CVE-2021-47117 as soon as it becomes available in your distribution's updates. 2. Monitor kernel updates from your Linux distribution vendors (e.g., Debian, Ubuntu, Red Hat, SUSE) and prioritize patching ext4-related fixes. 3. Implement rigorous testing of kernel updates in staging environments to detect any regressions or stability issues before production deployment. 4. Limit the possibility of triggering the vulnerability by monitoring and managing disk space usage and quotas proactively to avoid ENOSPC and EDQUOT conditions. 5. Employ filesystem integrity monitoring tools and regular backups to mitigate potential data loss from unexpected crashes. 6. For critical systems, consider using alternative filesystems with different codebases if immediate patching is not feasible, while weighing operational impacts. 7. Educate system administrators about the symptoms of this vulnerability (kernel BUGs related to ext4) to enable rapid detection and response.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-04T18:12:48.838Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9834c4522896dcbe9da2
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 9:57:07 PM
Last updated: 8/14/2025, 8:56:09 AM
Views: 13
Related Threats
CVE-2025-8961: Memory Corruption in LibTIFF
MediumCVE-2025-8960: SQL Injection in Campcodes Online Flight Booking Management System
MediumCVE-2025-8958: Stack-based Buffer Overflow in Tenda TX3
HighCVE-2025-8957: SQL Injection in Campcodes Online Flight Booking Management System
MediumCVE-2025-54707: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in RealMag777 MDTF
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.