
CVE-2021-47458: Vulnerability in Linux (Linux kernel)

Severity: High
Published: Wed May 22 2024 (05/22/2024, 06:19:46 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: mount fails with buffer overflow in strlen

Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE, mounting an ocfs2 filesystem with either the o2cb or pcmk cluster stack fails with the trace below. The problem seems to be that the strings for the cluster stack and cluster name are not guaranteed to be null terminated in the disk representation, while strlcpy assumes that the source string is always null terminated. This causes a read outside of the source string, triggering the buffer overflow detection.

detected buffer overflow in strlen
------------[ cut here ]------------
kernel BUG at lib/string.c:1149!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1 Debian 5.14.6-2
RIP: 0010:fortify_panic+0xf/0x11
...
Call Trace:
 ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]
 ocfs2_fill_super+0x359/0x19b0 [ocfs2]
 mount_bdev+0x185/0x1b0
 legacy_get_tree+0x27/0x40
 vfs_get_tree+0x25/0xb0
 path_mount+0x454/0xa20
 __x64_sys_mount+0x103/0x140
 do_syscall_64+0x3b/0xc0
 entry_SYSCALL_64_after_hwframe+0x44/0xae

AI-Powered Analysis

Last updated: 06/30/2025, 13:25:03 UTC

Technical Analysis

CVE-2021-47458 is a vulnerability identified in the Linux kernel affecting the OCFS2 (Oracle Cluster File System version 2) filesystem driver. The issue arises when mounting an OCFS2 filesystem using either the o2cb or pcmk cluster stack on Linux kernels starting from version 5.11 compiled with the CONFIG_FORTIFY_SOURCE option enabled. The root cause is that the cluster stack and cluster name strings stored on disk are not guaranteed to be null-terminated, but the kernel code uses strlcpy and strlen functions that assume null-termination. This mismatch leads to a read beyond the intended buffer boundary during the mount operation, triggering a buffer overflow detection and causing a kernel panic (BUG). The vulnerability manifests as a kernel crash with a buffer overflow detected in strlen, resulting in a denial of service (DoS) condition. The stack trace shows the failure occurs during the ocfs2_initialize_super and ocfs2_fill_super functions, which are responsible for mounting and initializing the OCFS2 filesystem. Since this vulnerability triggers a kernel panic, it can cause system instability or downtime on affected systems. The flaw is due to improper handling of string termination in on-disk metadata, which is a logic error in the OCFS2 filesystem driver. No known exploits are reported in the wild as of the publication date. The vulnerability affects Linux kernel versions 5.11 and later with CONFIG_FORTIFY_SOURCE enabled and using OCFS2 with cluster stacks o2cb or pcmk. No CVSS score has been assigned yet.
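An added userland illustration (not the kernel's code) of why the mount trips FORTIFY_SOURCE: a fixed-width on-disk label with no terminator makes strlen() run past the field, while a width-bounded copy with an explicit terminator stays inside it. The struct layout, helper names and sample values are constructed for the example; only the 4- and 16-byte widths mirror ocfs2's stack label and cluster name fields.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <string.h>

/* Field widths from ocfs2's on-disk format: the stack label is
 * exactly 4 bytes and the cluster name up to 16 bytes, and
 * neither is required to carry a NUL terminator. */
#define STACK_LABEL_LEN   4
#define CLUSTER_NAME_LEN 16

/* Constructed stand-in for the on-disk cluster info layout. */
struct disk_cluster_info {
    char ci_stack[STACK_LABEL_LEN];    /* e.g. "o2cb", no NUL */
    char ci_cluster[CLUSTER_NAME_LEN]; /* padded, no NUL */
    char sentinel;                     /* only so the over-read stops */
};

/* What strlen() reports for a raw field. On a full field it runs past
 * the end into the following bytes; that is the read FORTIFY_SOURCE
 * catches inside strlcpy(). The volatile stops the compiler folding it. */
size_t unsafe_field_len(const char *field) {
    const char *volatile p = field;
    return strlen(p);
}

/* Does the field contain a NUL within its declared width? */
int field_is_terminated(const char *field, size_t width) {
    return memchr(field, '\0', width) != NULL;
}

/* Bounded copy: read at most `width` bytes and always terminate.
 * dst must hold width + 1 bytes. */
void copy_disk_label(char *dst, const char *field, size_t width) {
    size_t n = strnlen(field, width);  /* never reads past the field */
    memcpy(dst, field, n);
    dst[n] = '\0';
}

/* Constructed sample superblock fragment (not read from an image). */
struct disk_cluster_info sample_info(void) {
    struct disk_cluster_info ci;
    memcpy(ci.ci_stack, "o2cb", STACK_LABEL_LEN);
    memcpy(ci.ci_cluster, "prodcluster01234", CLUSTER_NAME_LEN);
    ci.sentinel = '\0';
    return ci;
}
```

On the sample, unsafe_field_len() reports 20 bytes for a 4-byte field because strlen only stops at the sentinel, whereas copy_disk_label() yields exactly "o2cb".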

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels 5.11 or newer with OCFS2 filesystems configured with cluster stacks o2cb or pcmk. OCFS2 is typically used in clustered environments requiring shared storage, such as database clusters or high-availability systems. Exploitation leads to a kernel panic and system crash during mount operations, causing denial of service. This can disrupt critical services relying on clustered storage, impacting availability and potentially causing operational downtime. Confidentiality and integrity impacts are limited since the vulnerability does not allow arbitrary code execution or privilege escalation directly. However, repeated crashes or forced reboots can lead to data unavailability and operational interruptions. European enterprises with clustered Linux environments, especially in sectors like finance, telecommunications, and manufacturing that rely on high-availability storage clusters, may be affected. The vulnerability could also impact cloud providers and data centers in Europe that use OCFS2 for clustered storage solutions. Given the kernel panic nature, the threat is more about availability disruption than data breach or system compromise.

Mitigation Recommendations

1. Upgrade the Linux kernel to a version where this vulnerability is patched. Monitor official Linux kernel repositories and vendor advisories for updates addressing CVE-2021-47458.
2. If upgrading immediately is not feasible, avoid mounting OCFS2 filesystems with cluster stacks o2cb or pcmk on affected kernel versions compiled with CONFIG_FORTIFY_SOURCE enabled.
3. Review cluster storage configurations and consider alternative cluster filesystems or storage solutions that do not exhibit this vulnerability.
4. Implement monitoring to detect kernel panics or mount failures related to OCFS2 filesystems to enable rapid incident response.
5. For critical systems, schedule maintenance windows to apply patches and test cluster mounts to prevent unexpected downtime.
6. Engage with Linux distribution vendors for backported patches if using long-term support kernels.
7. Ensure backups and disaster recovery plans are current to mitigate potential data availability issues caused by unexpected crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T14:58:30.833Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe91d2

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 1:25:03 PM

Last updated: 8/15/2025, 4:22:06 AM


