
CVE-2021-47638: Vulnerability in Linux (Linux kernel)

Severity: High
Tags: Vulnerability, CVE, cve-2021-47638
Published: Wed Feb 26 2025 (02/26/2025, 01:54:11 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ubifs: rename_whiteout: Fix double free for whiteout_ui->data

'whiteout_ui->data' will be freed twice if the space budget fails for a rename whiteout operation, as in the following process:

    rename_whiteout
      dev = kmalloc
      whiteout_ui->data = dev
      kfree(whiteout_ui->data)    // Free first time
      iput(whiteout)
        ubifs_free_inode
          kfree(ui->data)         // Double free!

KASAN reports:

    ==================================================================
    BUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70

    Call Trace:
      kfree+0x117/0x490
      ubifs_free_inode+0x4f/0x70 [ubifs]
      i_callback+0x30/0x60
      rcu_do_batch+0x366/0xac0
      __do_softirq+0x133/0x57f

    Allocated by task 1506:
      kmem_cache_alloc_trace+0x3c2/0x7a0
      do_rename+0x9b7/0x1150 [ubifs]
      ubifs_rename+0x106/0x1f0 [ubifs]
      do_syscall_64+0x35/0x80

    Freed by task 1506:
      kfree+0x117/0x490
      do_rename.cold+0x53/0x8a [ubifs]
      ubifs_rename+0x106/0x1f0 [ubifs]
      do_syscall_64+0x35/0x80

    The buggy address belongs to the object at ffff88810238bed8
     which belongs to the cache kmalloc-8 of size 8
    ==================================================================

Let ubifs_free_inode() free 'whiteout_ui->data'. BTW, delete the unused assignment 'whiteout_ui->data_len = 0'; the process 'ubifs_evict_inode() -> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it (because 'inc_nlink(whiteout)' won't be executed due to 'goto out_release', and the nlink of the whiteout inode is 0).

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 15:41:37 UTC

Technical Analysis

CVE-2021-47638 is a double-free bug in the Linux kernel's UBIFS (UBI File System) driver, in the rename-whiteout path of do_rename(). That path is reached through ubifs_rename() when a rename is issued with the RENAME_WHITEOUT flag, either directly via renameat2(2) or indirectly by overlayfs, which creates whiteouts on its upper layer. When creating the whiteout, do_rename() kmallocs a small device-node buffer and stores it in whiteout_ui->data, so from that point the whiteout inode owns the buffer. If the space budget for the operation cannot be satisfied, the error path first calls kfree(whiteout_ui->data) itself and then iput(whiteout). Dropping the last reference runs ubifs_free_inode() (from the RCU callback i_callback, as the trace shows), which frees ui->data a second time. KASAN reports the second kfree() as "double-free or invalid-free in ubifs_free_inode" on an object in the kmalloc-8 slab cache. The root cause is an ownership mix-up, not a defect in ubifs_free_inode() itself: the buffer belongs to the inode, but the error path freed it as though it were still caller-owned. The fix removes the explicit kfree() (and the now-pointless whiteout_ui->data_len = 0) from the error path and lets ubifs_free_inode() free the buffer exactly once; dropping the data_len reset is safe because the whiteout inode still has nlink 0 on this path, so ubifs_evict_inode() -> ubifs_jnl_delete_inode() never needs the data. Affected kernels are those that support RENAME_WHITEOUT on UBIFS and do not carry the fix; the CVE record identifies the exact commit ranges, which this page does not reproduce. No known exploits are reported in the wild. A double free on a slab cache corrupts allocator state shared with other kernel objects, so the realistic outcome is a kernel crash (denial of service); in principle such a primitive can be built on for privilege escalation, but that has not been demonstrated for this bug. Triggering it needs no user interaction, but it does need local write access to a UBIFS mount and a way to make the space budget fail (for example, a nearly full volume), which confines exposure mostly to embedded devices and flash-based storage. No CVSS score was assigned as of the publication date.
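To make the ownership mix-up concrete, here is an added example (toy C, not kernel or UBIFS code) that models the buggy error path beside the fixed one. A small allocation tracker plays the role KASAN plays in the report, so the second free is counted rather than executed and the program does not crash. toy_inode, toy_kmalloc, toy_kfree, toy_iput, toy_free_inode and the budget_fails flag are hypothetical stand-ins for ubifs_inode, kmalloc/kfree, iput(), ubifs_free_inode() and a failed space-budget check.

```c
/*
 * Toy model of the CVE-2021-47638 ownership bug. Added example, not UBIFS
 * code: every toy_* name and budget_fails are hypothetical stand-ins for
 * the kernel functions named in the advisory.
 */
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 16

struct toy_inode {
	void *data;      /* stands in for ubifs_inode::data */
	size_t data_len; /* stands in for ubifs_inode::data_len */
};

/* Tracker playing KASAN's role: it knows which pointers are live, so a
 * second free of the same pointer is flagged instead of executed. */
static void *live[MAX_LIVE];
static size_t nlive;
static int frees_seen;   /* every toy_kfree() call observed */
static int double_frees; /* calls whose pointer was no longer live */

static void toy_reset(void)
{
	nlive = 0;
	frees_seen = 0;
	double_frees = 0;
}

static void *toy_kmalloc(size_t n)
{
	void *p = malloc(n);
	if (!p || nlive == MAX_LIVE) { free(p); return NULL; } /* refuse rather than lose track */
	live[nlive++] = p;
	return p;
}

static void toy_kfree(void *p)
{
	if (!p)                  /* kfree(NULL) is a no-op; mirror that */
		return;
	frees_seen++;
	for (size_t i = 0; i < nlive; i++) {
		if (live[i] == p) {
			live[i] = live[--nlive];
			free(p);
			return;
		}
	}
	double_frees++;          /* here the real kernel prints "BUG: KASAN: double-free" */
}

/* ubifs_free_inode() counterpart: the inode owns ->data and releases it. */
static void toy_free_inode(struct toy_inode *ui)
{
	toy_kfree(ui->data);
	ui->data = NULL;
}

/* iput() counterpart: dropping the last reference destroys the inode. */
static void toy_iput(struct toy_inode *inode)
{
	toy_free_inode(inode);
}

/* Vulnerable shape of the rename-whiteout error path: the caller frees the
 * buffer it already handed to the inode, then iput() frees it again. */
static int rename_whiteout_buggy(int budget_fails)
{
	struct toy_inode whiteout = { 0 };
	void *dev = toy_kmalloc(8);        /* kmalloc-8 object, as in the KASAN report */
	if (!dev)
		return -1;
	whiteout.data = dev;               /* ownership now belongs to the inode */
	whiteout.data_len = 8;

	if (budget_fails) {                /* space budget failed: goto out_release */
		toy_kfree(whiteout.data);  /* first free */
		whiteout.data_len = 0;
		toy_iput(&whiteout);       /* second free inside toy_free_inode() */
		return -1;
	}
	toy_iput(&whiteout);               /* normal teardown: freed once */
	return 0;
}

/* Fixed shape: the error path no longer touches ->data, so the inode
 * destructor is the only place that frees it. */
static int rename_whiteout_fixed(int budget_fails)
{
	struct toy_inode whiteout = { 0 };
	void *dev = toy_kmalloc(8);
	if (!dev)
		return -1;
	whiteout.data = dev;
	whiteout.data_len = 8;

	if (budget_fails) {
		toy_iput(&whiteout);       /* single free via toy_free_inode() */
		return -1;
	}
	toy_iput(&whiteout);
	return 0;
}

/* Run one path from a clean tracker; report double frees or total frees. */
static int double_frees_for(int (*path)(int), int budget_fails)
{
	toy_reset();
	path(budget_fails);
	return double_frees;
}

static int frees_for(int (*path)(int), int budget_fails)
{
	toy_reset();
	path(budget_fails);
	return frees_seen;
}

int main(void)
{
	printf("buggy path, budget fails: %d free(s), %d double free(s)\n",
	       frees_for(rename_whiteout_buggy, 1), double_frees_for(rename_whiteout_buggy, 1));
	printf("fixed path, budget fails: %d free(s), %d double free(s)\n",
	       frees_for(rename_whiteout_fixed, 1), double_frees_for(rename_whiteout_fixed, 1));
	return 0;
}
```

Build with any C99 compiler and run: the buggy path reports two frees and one double free of the same 8-byte object, the fixed path exactly one free. The rule the fix encodes is the general one: once a buffer has been stored in an object that has its own destructor, error paths must not free the buffer themselves; they release the object and let the destructor do it.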

Potential Impact

For European organizations, the impact of CVE-2021-47638 depends on whether they run Linux systems with UBIFS volumes. UBIFS sits on raw NAND/NOR flash in embedded devices, IoT equipment, network appliances and industrial controllers rather than on general-purpose servers or desktops, so a standard server fleet is not affected. The bug is only reachable on a UBIFS mount through a RENAME_WHITEOUT rename (directly via renameat2(2), or indirectly through overlayfs layered on UBIFS) and only when the filesystem cannot budget space for the operation, so an attacker needs local write access to the volume and a way to push it towards full. The realistic outcome is a kernel crash, i.e. denial of service on devices that frequently lack graceful failover; that alone can interrupt operational continuity and risk data integrity on a flash filesystem. Because the double free lands in the kmalloc-8 slab, it corrupts allocator state shared with many other kernel objects, the kind of primitive used in privilege-escalation chains; no such exploit is public for this bug, but the possibility is reason to patch proactively rather than wait. Sectors that deploy long-lived Linux flash devices, such as manufacturing, automotive, energy, telecommunications and smart-city infrastructure, should treat this as part of their embedded-kernel patch backlog.

Mitigation Recommendations

To mitigate CVE-2021-47638, European organizations should:

1) Apply kernel updates that carry the fix. In changelogs it appears under the commit title "ubifs: rename_whiteout: Fix double free for whiteout_ui->data"; for vendor or BSP kernels, ask the supplier which firmware release includes it.

2) Inventory systems that use UBIFS: look for ubifs entries in /proc/mounts on running devices and for CONFIG_UBIFS_FS in kernel configurations. Kernels without UBIFS compiled in are not affected. Note overlayfs setups with a UBIFS upper layer, since overlayfs issues the RENAME_WHITEOUT renames that reach the faulty path.

3) Restrict local write access to UBIFS mounts to trusted users and services. The trigger also needs the space budget to fail, so keep monitoring free space: a volume that routinely runs near full makes the error path easy to hit.

4) Use Kernel Address Sanitizer (KASAN) and related memory-safety tooling in development and test builds; this bug was found exactly that way, and the same tooling catches similar ownership mistakes early.

5) Monitor kernel logs: on debug builds, look for "BUG: KASAN: double-free" lines; on production builds, look for oopses or panics whose call trace contains ubifs_free_inode or do_rename [ubifs], which would indicate the path is being hit.

6) For devices that cannot be patched, isolate them in network segments with strict access controls so that the local access the bug requires is harder to obtain.

7) Work with device manufacturers and vendors so that firmware and kernel updates incorporating the fix ship on a defined timeline.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:48:21.519Z
CISA Enriched: false
CVSS Version: none (no score assigned)
State: PUBLISHED

Threat ID: 682d9834c4522896dcbe9629

Added to database: 5/21/2025, 9:09:08 AM

Last enriched: 6/30/2025, 3:41:37 PM

Last updated: 7/28/2025, 12:42:27 PM

