SB2024070267 - Resource management error in Linux kernel md driver
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070267
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2021-46950)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper management of internal resources within the raid1_end_write_request() function in drivers/md/raid1.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5
- https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f
- https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40
- https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382
- https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515
- https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd
- https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.118