
CVE-2021-47343: Vulnerability in Linux Linux

High
Published: Tue May 21 2024 (05/21/2024, 14:35:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

dm btree remove: assign new_root only when removal succeeds

remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assigned to new_root in the end of dm_btree_remove().

For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read details_info tree again out-of-bound memory may occur as shown below:

    general protection fault, probably for non-canonical address 0x3fdcb14c8d7520
    CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6
    Hardware name: QEMU Standard PC
    RIP: 0010:metadata_ll_load_ie+0x14/0x30
    Call Trace:
     sm_metadata_count_is_more_than_one+0xb9/0xe0
     dm_tm_shadow_block+0x52/0x1c0
     shadow_step+0x59/0xf0
     remove_raw+0xb2/0x170
     dm_btree_remove+0xf4/0x1c0
     dm_pool_delete_thin_device+0xc3/0x140
     pool_message+0x218/0x2b0
     target_message+0x251/0x290
     ctl_ioctl+0x1c4/0x4d0
     dm_ctl_ioctl+0xe/0x20
     __x64_sys_ioctl+0x7b/0xb0
     do_syscall_64+0x40/0xb0
     entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixing it by only assigning new_root when removal succeeds

AI-Powered Analysis

Last updated: 06/26/2025, 10:37:35 UTC

Technical Analysis

CVE-2021-47343 is a vulnerability in the Linux kernel's device mapper (dm) subsystem, specifically within the dm_btree_remove() function used by dm-thin provisioning. The flaw arises when the remove_raw() function fails due to an I/O read error, such as failing to read the content of an origin block during shadowing operations. In this failure scenario, the shadow_spine::root variable remains uninitialized but is still assigned to new_root at the end of dm_btree_remove(). This leads to pmd->details_root or pmd->root holding uninitialized values. Subsequent attempts to read the details_info tree can cause out-of-bounds memory access, resulting in a general protection fault and potential kernel crash. The vulnerability manifests as a general protection fault triggered by dereferencing invalid memory addresses, as demonstrated by the provided kernel stack trace.

The root cause is improper handling of error conditions in dm_btree_remove(): before the fix, new_root was assigned whether or not the removal succeeded. This bug affects Linux kernel versions prior to the patch and impacts systems using dm-thin devices for thin provisioning. Exploitation requires triggering I/O read errors during device mapper operations, which could be induced by malicious or faulty storage devices or drivers. The vulnerability can cause denial of service through kernel crashes and may potentially be leveraged for privilege escalation or arbitrary code execution if combined with other bugs, although no known exploits are reported in the wild as of now. The patch involves ensuring new_root is assigned only when the removal operation succeeds, preventing uninitialized memory usage.
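The error path described above, as an added userspace model that is not kernel code and not taken from the patch. The `_model`, `_before` and `_after` names, the poison constant and the block number 100 are constructed for illustration; the poison value stands in for uninitialized stack data so the program stays well defined.

```c
/* Added illustration: a userspace model of the dm_btree_remove() error
 * path. Not kernel code; helper names and constants are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define POISON_ROOT 0xdeadbeefdeadbeefULL /* constructed stand-in for stack garbage */
struct shadow_spine { uint64_t root; };

/* Models remove_raw(): on a read error it returns before the spine has
 * recorded a root, so spine->root keeps whatever value it started with. */
static int remove_raw_model(struct shadow_spine *s, uint64_t root, int io_error)
{
    if (io_error) return -5;  /* -EIO */
    s->root = root + 1;       /* shadowing produced a new root block */
    return 0;
}

/* Before the fix: new_root is written even when removal failed. */
int btree_remove_before(uint64_t root, uint64_t *new_root, int io_error)
{
    struct shadow_spine spine = { POISON_ROOT };
    int r = remove_raw_model(&spine, root, io_error);
    *new_root = spine.root;
    return r;
}

/* After the fix: new_root is written only when removal succeeds. */
int btree_remove_after(uint64_t root, uint64_t *new_root, int io_error)
{
    struct shadow_spine spine = { POISON_ROOT };
    int r = remove_raw_model(&spine, root, io_error);
    if (!r)
        *new_root = spine.root;
    return r;
}

/* Caller that passes its stored root as the output location (assumed here
 * to mirror the pmd->details_root case); returns it after a failed remove. */
uint64_t stored_root_after_failed_remove(int fixed)
{
    uint64_t details_root = 100;  /* constructed block number */
    (fixed ? btree_remove_after : btree_remove_before)(details_root, &details_root, 1);
    return details_root;
}

int main(void)
{
    printf("stored root after failed remove: before fix %#llx, after fix %llu\n",
           (unsigned long long)stored_root_after_failed_remove(0),
           (unsigned long long)stored_root_after_failed_remove(1));
    return 0;
}
```

With the unconditional assignment the caller's stored root is replaced by the garbage value even though the call reported an error; with the guarded assignment it keeps the last valid root.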

Potential Impact

For European organizations, the impact of CVE-2021-47343 is primarily related to system stability and availability. Organizations relying on Linux servers with dm-thin provisioning for storage efficiency—common in data centers, cloud providers, and enterprise IT environments—may experience kernel crashes leading to denial of service. This can disrupt critical services, data processing, and storage operations. While direct exploitation for data breach or privilege escalation is not confirmed, the vulnerability could be leveraged in targeted attacks to cause system outages or as part of a multi-stage exploit chain. The impact is more severe in environments with high storage I/O and thin provisioning usage, such as virtualization hosts, container platforms, and cloud infrastructure. Given Linux's widespread use in European government, financial, telecommunications, and industrial sectors, unpatched systems could face operational disruptions. Additionally, the vulnerability could affect embedded Linux devices in industrial control systems or network appliances, potentially impacting critical infrastructure. The lack of known exploits reduces immediate risk, but the presence of a kernel-level bug warrants prompt attention to avoid potential exploitation or accidental system failures.

Mitigation Recommendations

European organizations should prioritize applying the official Linux kernel patches that fix CVE-2021-47343 as soon as they are available from their Linux distribution vendors. Until patches are deployed, organizations should:

1) Monitor system logs for dm-thin related errors or kernel oops/panics indicative of this issue.
2) Limit exposure by restricting access to systems running vulnerable kernels, especially those handling untrusted storage devices or networks.
3) Avoid using thin provisioning on critical systems if feasible, or implement additional storage integrity checks.
4) Employ kernel live patching solutions where supported to minimize downtime during patch deployment.
5) Conduct thorough testing of storage subsystems and device mapper configurations to detect anomalies.
6) Maintain robust backup and recovery procedures to mitigate impact of potential crashes.
7) Coordinate with hardware vendors to ensure storage devices and drivers are reliable and do not induce I/O errors that could trigger the vulnerability.

These steps go beyond generic advice by focusing on the specific subsystem and operational context of the vulnerability.
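For step 1, an added example (not part of the original advisory and not a vendor detection rule) that scans kernel log text and counts general protection fault reports whose trace contains the dm-btree frames quoted in the description. The frame list comes from the advisory's call trace; the first sample line and the function names are constructed, and the match is a heuristic for triage rather than proof of this bug.

```c
/* Added illustration, not a vendor rule: count kernel oops reports whose
 * trace contains the dm-btree frames quoted in this advisory. */
#include <stdio.h>
#include <string.h>
/* Symbols copied from the advisory's call trace; '+' anchors the offset. */
static const char *const FRAMES[] = {
    "metadata_ll_load_ie+", "dm_tm_shadow_block+",
    "remove_raw+", "dm_btree_remove+",
};
enum { NFRAMES = sizeof FRAMES / sizeof FRAMES[0] };

/* Constructed sample: an unrelated fault, then lines from the advisory. */
static const char SAMPLE_LOG[] =
    "general protection fault in example_driver_read+0x10/0x20\n"
    "general protection fault, probably for non-canonical address 0x3fdcb14c8d7520\n"
    "RIP: 0010:metadata_ll_load_ie+0x14/0x30\n"
    "dm_tm_shadow_block+0x52/0x1c0\n"
    "shadow_step+0x59/0xf0\n"
    "remove_raw+0xb2/0x170\n"
    "dm_btree_remove+0xf4/0x1c0\n";

/* Bounded substring search within one log line of length len. */
static int line_has(const char *line, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(line + i, needle, n) == 0)
            return 1;
    return 0;
}

int count_dm_btree_oopses(const char *log)
{
    unsigned seen = 0, all = (1u << NFRAMES) - 1;
    int in_oops = 0, hits = 0;
    while (*log) {
        size_t len = strcspn(log, "\n");
        if (line_has(log, len, "general protection fault")) {
            in_oops = 1; seen = 0;  /* new report: forget earlier frames */
        } else if (in_oops) {
            for (unsigned i = 0; i < NFRAMES; i++)
                if (line_has(log, len, FRAMES[i]))
                    seen |= 1u << i;
            if (seen == all) { hits++; in_oops = 0; }
        }
        log += len + (log[len] == '\n');
    }
    return hits;
}
int main(void) { printf("%d\n", count_dm_btree_oopses(SAMPLE_LOG)); return 0; }
```

Frames are only combined within a single fault report, so symbols scattered across unrelated oopses do not produce a match.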


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:28:16.979Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea4e7

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 10:37:35 AM

Last updated: 8/14/2025, 12:45:34 PM
