How severe is CVE-2021-47066?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-47066?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2021-47066

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. To support this, it needs to support calculating xor value with different offsets for each r5dev. One offset array is used to record those offsets. In RMW mode, parity page is used as a source page. It sets ASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5. So it needs to add src_list and src_offs at the same time. Now it only needs src_list. So the xor value which is calculated is wrong. It can cause data corruption problem. I can reproduce this problem 100% on a POWER8 machine. The steps are: mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G mkfs.xfs /dev/md0 mount /dev/md0 /mnt/test mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.

CVE-2006-3547

MEDIUM

CVSS:5.5(Medium)

EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machin...

NVD-CWE-Other2006

CVE-2007-3732

MEDIUM

CVSS:5.5(Medium)

In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRAC...

NVD-CWE-Other2007

CVE-2007-6716

MEDIUM

CVSS:5.5(Medium)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a cert...

NVD-CWE-Other2007

CVE-2010-2066

MEDIUM

CVSS:5.5(Medium)

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a...

NVD-CWE-Other2010

CVE-2011-4112

MEDIUM

CVSS:5.5(Medium)

The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_...

NVD-CWE-Other2011

CVE-2011-5321

MEDIUM

CVSS:5.5(Medium)

The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and s...

NVD-CWE-Other2011

CVE-2021-47066

Vulnerability Description

Related Vulnerabilities

CVE-2006-3547

CVE-2007-3732

CVE-2007-6716

CVE-2010-2066

CVE-2011-4112

CVE-2011-5321