CVE-2021-46972: ovl: fix leaked dentry

Published Feb 27, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

ovl: fix leaked dentry

Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in ovllookup()"), overlayfs doesn't put temporary dentry when there is a metacopy error, which leads to dentry leaks when shutting down the related superblock:

overlayfs: refusing to follow metacopy origin for (/file0) ... BUG: Dentry (ptrval){i=3f33,n=file3} still in use (1) [unmount of overlay overlay] ... WARNING: CPU: 1 PID: 432 at umountcheck.cold+0x107/0x14d CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1 ... RIP: 0010:umountcheck.cold+0x107/0x14d ... Call Trace: dwalk+0x28c/0x950 ? dentrylruisolate+0x2b0/0x2b0 ? kasanslabfree+0x12/0x20 doonetree+0x33/0x60 shrinkdcacheforumount+0x78/0x1d0 genericshutdownsuper+0x70/0x440 killanonsuper+0x3e/0x70 deactivatelockedsuper+0xc4/0x160 deactivatesuper+0xfa/0x140 cleanupmnt+0x22e/0x370 cleanupmnt+0x1a/0x30 taskworkrun+0x139/0x210 doexit+0xb0c/0x2820 ? kasancheckread+0x1d/0x30 ? findheldlock+0x35/0x160 ? lockrelease+0x1b6/0x660 ? mmupdatenextowner+0xa20/0xa20 ? reacquireheldlocks+0x3f0/0x3f0 ? sanitizercovtraceconstcmp4+0x22/0x30 dogroupexit+0x135/0x380 dosysexitgroup.isra.0+0x20/0x20 x64sysexitgroup+0x3c/0x50 dosyscall64+0x45/0x70 entrySYSCALL64afterhwframe+0x44/0xae ... VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...

This fix has been tested with a syzkaller reproducer.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

ovl: fix leaked dentry

The Linux kernel CVE team has assigned CVE-2021-46972 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/T/#u

Red Hat

Affected Software

11 affected componentsFixes available
redhat/kernel<5.10.35
5.10.35
redhat/kernel<5.11.19
5.11.19
redhat/kernel<5.12.2
5.12.2
redhat/kernel<5.13
5.13
Linux Linux kernel>=5.8<5.10.35
Linux Linux kernel>=5.11<5.11.19
Linux Linux kernel>=5.12<5.12.2
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95

Patch Available

https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94

Patch Available

https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8

Patch Available

https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41

Event History

Feb 27, 2024
CVE Published
via MITRE·06:47 PM
Data Sourced
via MITRE·06:47 PM
Description
Feb 29, 2024
Data Sourced
via Red Hat·07:04 AM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-46972?

CVE-2021-46972 is classified as a moderate severity vulnerability affecting the Linux kernel.

2

How do I fix CVE-2021-46972?

To fix CVE-2021-46972, you should update your Linux kernel to the latest patched versions 5.10.35, 5.11.19, 5.12.2, or 5.13.

3

Which Linux kernel versions are affected by CVE-2021-46972?

CVE-2021-46972 affects Linux kernel versions between 5.8 and 5.13.

4

What type of vulnerability is CVE-2021-46972?

CVE-2021-46972 is a vulnerability related to the overlay filesystem in the Linux kernel.

5

Is there a patch available for CVE-2021-46972?

Yes, patches to resolve CVE-2021-46972 are included in specific kernel updates for versions 5.10.35, 5.11.19, 5.12.2, and 5.13.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203